Professional Level

Troubleshooting SELinux

Pricing
30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Mandatory access control (MAC) is an essential element to modern system security. SELinux is a common implementation of MAC that must be well understood by engineers in order to incorporate the most ideal security practices into production systems. This exercise delves into a common occurrence relating to MAC; troubleshooting a system that is experiencing errors as a consequence of SELinux.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Verify there is an error by trying to access `localhost:80/index.html` using curl on the `www` host and check the audit log using sealert. Direct the output from sealert to `/home/cloud_user/seinfo.txt`.
  • Run curl localhost:80/index.html to confirm the error.
  • Run sealert -a /var/log/audit/audit.log > /home/cloud_user/seinfo.txt.
Examine `/home/cloud_user/seinfo.txt` to figure out what is wrong and fix the error regarding `/var/www/html/index.html`.
  • Reviewing the seinfo.txt file should indicate the context for /var/www/html/index.html is incorrect.
  • Run restorecon /var/www/html/index.html to fix the issue.
Restart `httpd` to check for other possible issues and correct any issues you might find.
  • Run systemctl restart httpd (note: httpd should fail to restart).
  • Based on journalctl --xe or by re-examining the audit log with sealert, you will see the file context is incorrect on /etc/httpd/conf/httpd.conf.
  • Run restorecon /etc/httpd/conf/httpd.conf to fix the context on httpd.conf.
  • Run systemctl start httpd and service should be restored.
Confirm `localhost:80/index.html` loads correctly with curl on the `www` host.

Run curl localhost:80/index.html and verify that you get the message "The website is up".

Contact SalesSee Pricing

Additional Resources

The website is down! The primary company web page is not presenting correctly, and the sales team is looking to you to fix it. A new junior security engineer was asking about SELinux and the web server earlier in the day. Checking out the www server's SELinux configuration may be a good place to start looking. Verify the error by attempting to access localhost:80/index.html on the www server and correct any issues.

Summary tasks list:

  • Verify there is an error by trying to access localhost:80/index.html using curl on the www host and check the audit log using sealert. Direct the output from sealert to /home/cloud_user/seinfo.txt.
  • Examine /home/cloud_user/seinfo.txt to figure out what is wrong and fix the error regarding /var/www/html/index.html.
  • Restart httpd to check for other possible issues and correct any issues you might find.
  • Confirm localhost:80/index.html loads correctly with curl on the www host.

For more on analyzing SELinux denial messages using sealert, see: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/troubleshooting-problems-related-to-selinux_using-selinux#identifying-selinux-denials_troubleshooting-problems-related-to-selinux

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization