In this lab, you'll view the effects of having Apache try to listen on an unauthorized port:
- View the ports that SELinux allows the Apache web server daemon to use:
sudo semanage port -l | grep 'http'
- Open the /etc/httpd/conf/httpd.conf file in your favorite text editor. Find the line that says Listen 80 and change it to Listen 82. Restart Apache by entering the following:
sudo systemctl restart httpd
- View the error message you receive by entering:
sudo tail -20 /var/log/messages
- Add port 82 to the list of authorized ports and restart Apache:
sudo semanage port -a 82 -t http_port_t -p tcp
sudo semanage port -l
sudo systemctl restart httpd
- Delete the port that you just added:
sudo semanage port -d 82 -t http_port_t -p tcp
- Go back into the /etc/httpd/conf/httpd.conf file and change Listen 82 back to Listen 80. Restart the Apache daemon to return to normal operation.
- End of lab.
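The check from the first step of this lab can be scripted so that you catch an unlisted port before restarting Apache. The following is an added example, not part of the original lab: it reads the active Listen directives and reports any port that is not labelled http_port_t for TCP. The function names and the sample semanage output and httpd.conf fragment are constructed for illustration; on a real host, pass in the output of sudo semanage port -l and the contents of /etc/httpd/conf/httpd.conf.

```shell
#!/usr/bin/env bash
# Added example: compare Apache Listen ports with the http_port_t list.
# Both samples are constructed so that the script runs offline.
SAMPLE_SEMANAGE='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'

SAMPLE_CONF='# constructed httpd.conf fragment
Listen 82
Listen 127.0.0.1:8443
#Listen 8080'

# port_allowed PORT SEMANAGE_OUTPUT: exit 0 if PORT is in http_port_t (tcp).
# The type is matched exactly, unlike grep 'http', which also shows
# http_cache_port_t and pegasus_http_port_t.
port_allowed() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "http_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)            # strip list separators
                n = split($i, r, "-")        # handle ranges such as 10001-10010
                lo = r[1]; hi = (n == 2) ? r[2] : r[1]
                if (p + 0 >= lo + 0 && p + 0 <= hi + 0) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# listen_ports CONF_TEXT: print the port of each uncommented Listen directive,
# including the address:port form.
listen_ports() {
    printf '%s\n' "$1" | awk '$1 == "Listen" { n = split($2, a, ":"); print a[n] }'
}

# unlisted_ports CONF_TEXT SEMANAGE_OUTPUT: Listen ports missing from http_port_t.
unlisted_ports() {
    out=""
    for p in $(listen_ports "$1"); do
        port_allowed "$p" "$2" || out="$out$p "
    done
    printf '%s' "${out% }"
}

echo "Not in http_port_t: $(unlisted_ports "$SAMPLE_CONF" "$SAMPLE_SEMANAGE")"
```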
Okay, you've seen how SELinux can protect you against various bad things, and how to troubleshoot things that go wrong. Let's turn our attention to AppArmor.