Hands-on lab – SELinux type enforcement

In this lab, you'll install the Apache web server and the appropriate SELinux tools. You'll then view the effects of having the wrong SELinux type assigned to a web content file. If you're ready, let's go:

  1. Install Apache, along with all the required SELinux tools on CentOS 7:

     sudo yum install httpd setroubleshoot setools policycoreutils policycoreutils-python

     On CentOS 8, use the following command:

     sudo dnf install httpd setroubleshoot setools policycoreutils policycoreutils-python-utils

  2. Activate setroubleshoot by restarting the auditd service:

     sudo service auditd restart

  3. Enable and start the Apache service and open port 80 on the firewall:

     sudo systemctl enable --now httpd
     sudo firewall-cmd --permanent --add-service=http
     sudo firewall-cmd --reload

  4. In the /var/www/html directory, create an index.html file with the following contents:

     <html>
     <head>
     <title>SELinux Test Page</title>
     </head>
     <body>
     This is a test of SELinux.
     </body>
     </html>

  5. View the information about the index.html file:

     ls -Z index.html

  6. In your host machine's web browser, navigate to the IP address of the CentOS virtual machine. You should be able to view the page.
  7. Induce an SELinux violation by changing the type of the index.html file to something that's incorrect:

     sudo chcon -t tmp_t index.html
     ls -Z index.html

  8. Go back to your host machine's web browser and reload the document. You should now see a Forbidden message.
  9. Use restorecon to change the file back to its correct type:

     sudo restorecon index.html

  10. Reload the page in your host machine's web browser. You should now be able to view the page.
  11. End of lab.
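
The label check that the lab does by eye with `ls -Z`, as an added example that is not part of the original lab: a script that reads `ls -Z` output in either the CentOS 7 or the CentOS 8 layout and reports files whose type is not the one expected for web content. The expected type `httpd_sys_content_t`, the function names and the sample lines are assumptions made for this example.

```shell
#!/bin/bash
# Added example: report web content whose SELinux type differs from the expected one.
# It parses `ls -Z` text, so it also runs offline on captured output.

# Assumption: httpd_sys_content_t is the type the targeted policy gives /var/www/html files.
EXPECTED_TYPE="httpd_sys_content_t"

# Constructed sample lines (not captured from a real host).
SAMPLE_EL7='-rw-r--r--. root root unconfined_u:object_r:tmp_t:s0 index.html'   # CentOS 7 layout
SAMPLE_EL8='unconfined_u:object_r:httpd_sys_content_t:s0 index.html'           # CentOS 8 layout

# Print the first user:role:type:level field on one `ls -Z` line.
context_of_line() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[^:]+:[^:]+:[^:]+:/) { print $i; exit } }'
}

# Print the type, which is always the third colon-separated field of a context.
type_of_context() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read `ls -Z` lines on stdin; print "name type" for every mislabelled file.
mislabelled() {
    while IFS= read -r line; do
        ctx=$(context_of_line "$line")
        [ -n "$ctx" ] || continue            # blank line or unlabelled file ("?")
        ftype=$(type_of_context "$ctx")
        name=${line##* }                     # last field; assumes no spaces in file names
        [ "$ftype" = "$EXPECTED_TYPE" ] || printf '%s %s\n' "$name" "$ftype"
    done
}

# Demo on the constructed samples; on a lab VM use: ls -Z /var/www/html | mislabelled
printf '%s\n%s\n' "$SAMPLE_EL7" "$SAMPLE_EL8" | mislabelled
```

On a live system, `sudo restorecon -n -v -R /var/www/html` performs the same check against the loaded policy without changing any labels.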

Now that we've seen how to use basic SELinux commands, let's look at a cool tool that makes troubleshooting much easier.
