Security Enhanced Linux (SELinux), is an additional layer of system security, that enhances the other security mechanisms in RHEL 8. In this hands-on lab, we will examine SELinux at a high level, will set and check enforcing and permissive modes for SELinux, list and identify SELinux file and process context, restore default file contexts, use boolean settings to modify system SELinux settings, and diagnose and address routine SELinux policy violations on RHEL 8.
Successfully complete this lab by achieving the following learning objectives:
- Diagnose a Reported Apache Server Issue
- Discover an Apache Server access issue.
- Attempt to start Apache and view status.
- Query the system journal for errors and issues.
- Test if the issue is SELinux-related.
- Troubleshoot Possible SELinux Errors Affecting Apache
- Re-enable SELinux and check the status.
- Investigate audit and other logs for errors.
- Discover the issue is related to the non-standard port.
- Create and Apply a Local Policy Module to Fix the Apache Issue
audit2allowto generate a local policy module.
- Investigate the generated policy module files.
- Apply the policy module.
- Test apache access.
- Clean Up any Additional SELinux-related Issues
- Check the logs again for errors.
getattrissues for httpd files.
- Set context for the affected files.
- Test for any additional errors.