
Finding a Problem Caused by a Misconfiguration of SELinux and Troubleshooting the Issue

In this lab, you are given SELinux configurations that are causing problems, and your job is to reconfigure them so that everything works properly in each case. In the first problem, a web server needs to be reachable on an atypical port that web servers do not normally use, but SELinux does not allow it. You need to work out why and how SELinux is blocking this, and make changes that persist across reboots. In the second problem, the web server cannot serve the proper files to the end user because of an improper configuration. The aim is to be able to grant or revoke access with SELinux according to the needs and problems you encounter. To troubleshoot SELinux problems, you will need to access and analyze the log files, locate the problem, and then implement an adequate solution. Do not use the global SELinux permissive state for verification.

Path Info

Intermediate
1h 0m
Mar 06, 2020

Table of Contents

  1. Challenge

    Install Troubleshooting Tools

    Install the troubleshooting tools:

    sudo yum install -y setroubleshoot setools
  2. Challenge

    Attempt to Start Apache Web Server on Port 9100

    After failed attempts to start the Apache web server on port 9100, find the line in the log files that confirms SELinux is the core issue.

    Using grep

    sudo grep httpd /var/log/audit/audit.log

    Using Both tail and grep

    sudo tail -n 100 /var/log/audit/audit.log | grep -i httpd

    Using tail to Watch the Log in Real Time

    sudo tail -f /var/log/audit/audit.log

    In Another Terminal, Start Apache While Watching the Log

    sudo systemctl start httpd

    Using ausearch

    sudo ausearch -p <process id>

    Using audit2why to Explain the Denials

    sudo grep httpd /var/log/audit/audit.log | audit2why
  3. Challenge

    Locate Port Label for Apache Web Server and Add the Needed Port

    Locate the port label for Apache web server and add the needed port. Afterward, restart the Apache web server.

    1. List all the possible port labels and search the list for http:

      sudo semanage port -l | grep -i http
    2. Add port 9100 to the http_port_t label:

      sudo semanage port -m -t http_port_t -p tcp 9100
  4. Challenge

    Locate the SELinux Context for `index.html`

    1. Create a file:

      sudo touch /var/www/html/test
    2. View the context:

      ls -Z /var/www/html/
    3. Change the context of the file:

      sudo semanage fcontext -a -t httpd_sys_content_t /var/www/html/index.html
    4. Reset the security context:

      sudo restorecon -v /var/www/html/index.html
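
The log check from Challenge 2, as an added example that is not part of the original lab: a POSIX shell function that filters httpd AVC denials out of audit.log-style records and reports whether each one points to a port label (Challenge 3) or a file context (Challenge 4). The sample records, the function names and the `port-label` / `file-context` hints are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the lab). The sample records below are constructed.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1583490000.123:456): avc:  denied  { name_bind } for  pid=2345 comm="httpd" src=9100 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:hplip_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1583490100.456:470): avc:  denied  { getattr } for  pid=2350 comm="httpd" path="/var/www/html/index.html" dev="xvda2" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SERVICE_START msg=audit(1583490200.000:480): pid=1 uid=0 msg='unit=httpd comm="systemd" res=failed'
EOF
}

# Read audit records on stdin; print one summary line per httpd AVC denial:
#   <permission> <class> <target type> <port=N | path=P> <hint>
triage_httpd_avc() {
  awk '
    # field(name): value of the name=... pair up to the next space, unquoted
    function field(name,   s) {
      if (!match($0, " " name "=[^ ]+")) return "-"
      s = substr($0, RSTART + length(name) + 2, RLENGTH - length(name) - 2)
      gsub(/"/, "", s)
      return s
    }
    # grep httpd also matches non-AVC records; keep only denials by httpd
    /avc:/ && /denied/ && /comm="httpd"/ {
      i = index($0, "{ "); j = index($0, " }")
      perm = substr($0, i + 2, j - i - 2)     # text between the braces
      gsub(/ /, ",", perm)                    # several permissions: a,b,c
      split(field("tcontext"), ctx, ":")      # user:role:type:level
      class = field("tclass")
      if (class ~ /_socket$/) { obj = "port=" field("src");  hint = "port-label" }
      else                    { obj = "path=" field("path"); hint = "file-context" }
      print perm, class, ctx[3], obj, hint
    }'
}

sample_avc | triage_httpd_avc
```

On a lab host, the same function can be fed the real log with `sudo grep httpd /var/log/audit/audit.log | triage_httpd_avc`.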

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!
