Converting SELinux Log File with sealert and Finding Entries for HTTP in the Log File

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

The objective of this lab is to convert the SELinux log file with `sealert` and find entries for HTTP in the log file. Apache does not seem to be working properly, and SELinux is presenting a problem. Your job is to look at the SELinux log output, understand what the problem might be, and find a solution based on it. First, convert the contents of the `/var/log/audit/audit.log` SELinux log file into something more readable for humans. Next, see whether you can find any entries for the web server in the log file. In effect, you are fixing an SELinux misconfiguration and making the Apache server functional again. Once that is done, the Apache server should become available; verify that you solved the problem by accessing it from outside the server through your web browser.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Verify Image Loading Error and Investigate the Cause
  1. Go to the website at http://<PUBLIC_IP_ADDRESS> and verify that the LA_Logo.png image does not load.

  2. Verify that SELinux is the cause of the problem.

Search the SELinux Logs for Problems
  1. Search the SELinux logs with ausearch and sealert to find the cause of the problem.

  2. Notice that /var/www/LA_Logo.png has a wrong label.

Resolve the Image Loading Error

Change the label of /var/www/LA_Logo.png to match the label of /var/www/index.html.

Confirm the Error Was Resolved

Confirm that the problem has been fixed by trying to access the site at http://<PUBLIC_IP_ADDRESS> via your browser.

Additional Resources

The initial SSH port is 61613, and that is the port you will use to initially connect to the server via SSH.

SELinux logs are awesome. They are an abundant source of information about the events that take place on your system; they offer a detailed account of everything that was attempted and denied. However, all that is absolutely useless to us if we do not know how to read and interpret those logs. With that in mind, this lab has been created with a problem where the file LA_Logo.png, located in the DocumentRoot, is not accessible and cannot be served. The website loads, but it cannot retrieve this image or display it to the client visiting the website. Your job is to find the log entries related to this problem.

You can begin by finding all the log entries in regard to the web server with the string "http". Find the source of the problem, implement the solution, and confirm that the Apache web server serves the image to the client when the client visits the website. The final solution to the problem cannot involve disabling SELinux or putting it into permissive mode. It must remain in enforcing mode!
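The triage described above, as an added example that is not part of the original lab: it filters raw AVC records for `httpd` denials and flags targets whose SELinux type differs from the expected one. The sample records, the wrong type `admin_home_t`, the expected type `httpd_sys_content_t`, and the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage httpd AVC denials and spot a mislabeled file.
# On the lab server the records would come from the audit log, e.g.:
#   ausearch -m AVC -c httpd --raw | httpd_denials
#   sealert -a /var/log/audit/audit.log    # human-readable analysis

# Constructed sample records; admin_home_t is an assumed wrong label.
SAMPLE_LOG='type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=1301 comm="httpd" name="LA_Logo.png" dev="xvda2" ino=5150 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:411): avc:  denied  { open } for  pid=1301 comm="httpd" path="/var/www/LA_Logo.png" dev="xvda2" ino=5150 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.103:412): avc:  denied  { write } for  pid=1301 comm="httpd" name="upload.tmp" dev="xvda2" ino=5151 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.104:413): avc:  denied  { read } for  pid=977 comm="sshd" name="authorized_keys" dev="xvda2" ino=6001 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0'

# httpd_denials: read raw audit records on stdin and print
# "<file> <target type> <denied permission>" for each httpd denial.
httpd_denials() {
  grep 'type=AVC' | grep 'comm="httpd"' |
    sed -nE 's/.*denied +\{ ([^}]*) \}.* (name|path)="([^"]*)".* tcontext=[^:]*:[^:]*:([^: ]*):.*/\3 \4 \1/p'
}

# mislabeled EXPECTED_TYPE: keep only denials whose target type differs
# from the type that correctly labeled web content carries.
mislabeled() {
  awk -v want="$1" '$2 != want { print $1 ": " $2 " (expected " want ")" }' | sort -u
}

# relabel_like REFERENCE FILE: copy the context of a correctly labeled
# file onto FILE, then show the result. Not called here; on the lab server:
#   relabel_like /var/www/index.html /var/www/LA_Logo.png
relabel_like() { chcon --reference="$1" "$2" && ls -Z "$2"; }

# Assumption: index.html carries the default web content type.
printf '%s\n' "$SAMPLE_LOG" | httpd_denials | mislabeled httpd_sys_content_t
```

A label set with `chcon` is replaced if the file system is later relabeled; where the policy default for the path is already the correct type, `restorecon -v` on the file applies that default instead.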

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
