In this lab, you'll install the Apache web server and the appropriate SELinux tools. You'll then view the effects of having the wrong SELinux type assigned to a web content file. If you're ready, let's go:
- Install Apache, along with all the required SELinux tools on CentOS 7:
sudo yum install httpd setroubleshoot setools policycoreutils policycoreutils-python
On CentOS 8, use the following command:
sudo dnf install httpd setroubleshoot setools policycoreutils policycoreutils-python-utils
- Activate setroubleshoot by restarting the auditd service:
sudo service auditd restart
- Enable and start the Apache service and open port 80 on the firewall:
sudo systemctl enable --now httpd
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
- In the /var/www/html directory, create an index.html file with the following contents:
<html>
<head>
<title>SELinux Test Page</title>
</head>
<body>
This is a test of SELinux.
</body>
</html>
- View the information about the index.html file:
ls -Z index.html
- In your host machine's web browser, navigate to the IP address of the CentOS virtual machine. You should be able to view the page.
- Induce an SELinux violation by changing the type of the index.html file to something that's incorrect:
sudo chcon -t tmp_t index.html
ls -Z index.html
- Go back to your host machine's web browser and reload the document. You should now see a Forbidden message.
- Use restorecon to change the file back to its correct type:
sudo restorecon index.html
- Reload the page in your host machine's web browser. You should now be able to view the page.
- End of lab.
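The Forbidden message in this lab corresponds to an AVC denial that auditd writes to /var/log/audit/audit.log. As an added example (not part of the original lab), the shell function below extracts denials whose source domain is httpd_t from audit records; the function name httpd_denials and the sample records are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample records in the audit.log AVC format (not captured from a real host).
# Record 1: httpd denied access to the mislabeled index.html (type tmp_t).
# Record 2: the SYSCALL record that accompanies an AVC; it must be ignored.
# Record 3: a denial from a different domain (sshd_t); it must be ignored.
SAMPLE_AUDIT='type=AVC msg=audit(1700000000.123:456): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/var/www/html/index.html" dev="dm-0" ino=67890 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000050.500:460): avc:  denied  { read } for  pid=2222 comm="sshd" name="notes.txt" dev="dm-0" ino=11111 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file permissive=0'

# httpd_denials: read audit records on stdin and print one line per AVC denial
# whose source domain is httpd_t, as "<permission> <target type> <path or name>".
httpd_denials() {
  awk '
    $1 == "type=AVC" && /avc: +denied/ {
      perm = ""; src = ""; tgt = ""; obj = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          perm = $(i + 1)                      # first permission inside { }
        } else if ($i ~ /^scontext=/) {
          split($i, c, ":"); src = c[3]        # user:role:TYPE:level
        } else if ($i ~ /^tcontext=/) {
          split($i, c, ":"); tgt = c[3]
        } else if ($i ~ /^(path|name)=/) {
          obj = $i
          sub(/^(path|name)=/, "", obj)
          gsub(/"/, "", obj)
        }
      }
      if (src == "httpd_t") print perm, tgt, obj
    }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | httpd_denials
# -> getattr tmp_t /var/www/html/index.html
```

On the lab VM, the same function can read real records with `sudo cat /var/log/audit/audit.log | httpd_denials`; a target type of tmp_t on a file under /var/www/html is the mislabel that restorecon corrects.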
Now that we've seen how to use basic SELinux commands, let's look at a cool tool that makes troubleshooting much easier.