Mandatory access control (MAC) is an essential element of modern system security. SELinux is a common implementation of MAC that engineers must understand well in order to apply the best security practices to production systems. This exercise covers a common MAC-related task: troubleshooting a system that is experiencing errors as a consequence of SELinux.
Successfully complete this lab by achieving the following learning objectives:
- Verify there is an error by trying to access `localhost:80/index.html` using curl on the `www` host and check the audit log using sealert. Direct the output from sealert to `/home/cloud_user/seinfo.txt`.
  - Run `curl localhost:80/index.html` to confirm the error.
  - Run `sealert -a /var/log/audit/audit.log > /home/cloud_user/seinfo.txt`.
- Examine `/home/cloud_user/seinfo.txt` to figure out what is wrong and fix the error regarding `/var/www/html/index.html`.
  - Reviewing the `seinfo.txt` file should indicate the context for
    `restorecon /var/www/html/index.html` to fix the issue.
- Restart `httpd` to check for other possible issues and correct any issues you might find.
  - Run `systemctl restart httpd` (note: `httpd` should fail to restart).
  - Based on `journalctl -xe` or by re-examining the audit log with sealert, you will see the file context is incorrect on
    `restorecon /etc/httpd/conf/httpd.conf` to fix the context on
    `systemctl start httpd` and service should be restored.
- Confirm `localhost:80/index.html` loads correctly with curl on the `www` host.
  - Run `curl localhost:80/index.html` and verify that you get the message "The website is up".
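
What `sealert` summarizes in the steps above is a set of raw AVC denial records in `/var/log/audit/audit.log`. The following added example (not part of the original lab) parses such records and reports which domain was denied on which object and under which label; the sample records, including the wrong labels `user_home_t` and `admin_home_t`, are constructed assumptions, not the lab's actual output.

```python
import re
from collections import Counter

# Constructed sample records in audit.log AVC format; the PIDs, inodes and
# wrong labels (user_home_t, admin_home_t) are assumptions, not lab output.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=1412 comm="httpd" name="index.html" dev="xvda2" ino=8801 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000000.350:202): avc:  denied  { read } for  pid=1412 comm="httpd" name="index.html" dev="xvda2" ino=8801 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000090.007:240): avc:  denied  { open } for  pid=1530 comm="httpd" path="/etc/httpd/conf/httpd.conf" dev="xvda2" ino=5120 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None for other record types."""
    m = AVC_RE.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        # 'path' is the full path when the kernel has it; 'name' is only the last component.
        "object": fields.get("path") or fields.get("name"),
        # A context is user:role:type:level; the type field is what the policy rules match on.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields.get("tclass"),
    }

def summarize(log_text):
    """Count denials per (source domain, object, target type), most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["source_type"], rec["object"], rec["target_type"])] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (domain, obj, ttype), n in summarize(SAMPLE_LOG):
        print(f"{n}x {domain} denied on {obj} (labelled {ttype})")
```

A target type that does not belong to the directory the file lives in is the cue that `restorecon` on that path is the fix, rather than a policy change.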