RH199 - ch05s06

Preface A: Introduction

Section A.1: Orientation to the Classroom Lab Environment

Chapter 1: Local and Remote Logins

Section 1.1: Accessing the Command Line Using the Local Console

Section 1.2: Quiz: Local Console Access Terms

Section 1.3: Configuring SSH Key-based Authentication

Section 1.4: Guided Exercise: Using SSH Key-based Authentication

Section 1.5: Getting Help From Red Hat

Section 1.6: Guided Exercise: Creating and Viewing an SoS Report

Chapter 2: File System Navigation

Section 2.1: The Linux File System Hierarchy

Section 2.2: Quiz: File System Hierarchy

Section 2.3: Managing Files Using Command-Line Tools

Section 2.4: Guided Exercise: Command-Line File Management

Section 2.5: Making Links Between Files

Section 2.6: Guided Exercise: Making Links Between Files

Chapter 3: Users and Groups

Section 3.1: Users and Groups

Section 3.2: Quiz: User and Group Concepts

Section 3.3: Gaining Superuser Access

Section 3.4: Guided Exercise: Running Commands as root

Section 3.5: Managing Local User Accounts

Section 3.6: Guided Exercise: Creating Users Using Command-line Tools

Section 3.7: Managing Local Group Accounts

Section 3.8: Guided Exercise: Managing Groups Using Command-line Tools

Section 3.9: Managing User Passwords

Section 3.10: Guided Exercise: Managing User Password Aging

Section 3.11: Using Identity Management Services

Section 3.12: Guided Exercise: Connecting to a Central LDAP and Kerberos Server

Section 3.13: Lab: Managing Linux Users and Groups

Chapter 4: File Permissions

Section 4.1: Managing File System Permissions from the Command Line

Section 4.2: Guided Exercise: Managing File Security from the Command Line

Section 4.3: Managing Default Permissions and File Access

Section 4.4: Guided Exercise: Controlling New File Permissions and Ownership

Section 4.5: POSIX Access Control Lists (ACLs)

Section 4.6: Quiz: Interpret ACLs

Section 4.7: Securing Files with ACLs

Section 4.8: Guided Exercise: Using ACLs to Grant and Limit Access

Chapter 5: SELinux Permissions

Section 5.1: Enabling and Monitoring Security Enhanced Linux (SELinux)

Section 5.2: Quiz: SELinux Concepts

Section 5.3: Changing SELinux Modes

Section 5.4: Guided Exercise: Changing SELinux Modes

Section 5.5: Changing SELinux Contexts

SectionSection 5.6: Guided Exercise: Changing SELinux Contexts

Section 5.7: Changing SELinux Booleans

Section 5.8: Guided Exercise: Changing SELinux Booleans

Section 5.9: Troubleshooting SELinux

Section 5.10: Guided Exercise: Troubleshooting SELinux

Section 5.11: Lab: Managing SELinux Security

Chapter 6: Process Management

Section 6.1: Killing Processes

Section 6.2: Guided Exercise: Killing Processes

Section 6.3: Monitoring Process Activity

Section 6.4: Guided Exercise: Monitoring Process Activity

Section 6.5: Using nice and renice to Influence Process Priority

Section 6.6: Guided Exercise: Discovering Process Priorities

Section 6.7: Lab: Managing Priority of Linux Processes

Chapter 7: Updating Software Packages

Section 7.1: Attaching Systems to Subscriptions for Software Updates

Section 7.2: Quiz: Red Hat Subscription Management

Section 7.3: Managing Software Updates with yum

Section 7.4: Guided Exercise: Installing and Updating Software with yum

Section 7.5: Enabling yum Software Repositories

Section 7.6: Guided Exercise: Enabling Software Repositories

Section 7.7: Lab: Installing and Updating Software Packages

Chapter 8: Creating and Mounting File Systems

Section 8.1: Mounting and Unmounting File Systems

Section 8.2: Guided Exercise: Mounting and Unmounting File Systems

Section 8.3: Adding Partitions, File Systems, and Persistent Mounts

Section 8.4: Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Section 8.5: Managing Swap Space

Section 8.6: Guided Exercise: Adding and Enabling Swap Space

Section 8.7: Lab: Adding Disks, Partitions, and File Systems to a Linux System

Chapter 9: Service Management and Boot Troubleshooting

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identify the Status of systemd Units

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Using systemctl to Manage Services

Section 9.5: The Red Hat Enterprise Linux Boot Process

Section 9.6: Guided Exercise: Selecting a Boot Target

Section 9.7: Repairing Common Boot Issues

Section 9.8: Guided Exercise: Resetting a Lost root Password

Section 9.9: Repairing File System Issues at Boot

Section 9.10: Guided Exercise: Repairing Boot Problems

Section 9.11: Repairing Boot Loader Issues

Section 9.12: Guided Exercise: Repairing a Boot Loader Problem

Section 9.13: Lab: Controlling Services and Daemons

Chapter 10: Network Configuration

Section 10.1: Validating Network Configuration

Section 10.2: Guided Exercise: Examining Network Configuration

Section 10.3: Configuring Networking with nmcli

Section 10.4: Guided Exercise: Configuring Networking with nmcli

Section 10.5: Editing Network Configuration Files

Section 10.6: Guided Exercise: Editing Network Configuration Files

Section 10.7: Configuring Host Names and Name Resolution

Section 10.8: Guided Exercise: Configuring Host Names and Name Resolution

Section 10.9: Lab: Managing Red Hat Enterprise Linux Networking

Chapter 11: System Logging and NTP

Section 11.1: System Log Architecture

Section 11.2: Quiz: System Logging Components

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Finding Log Entries

Section 11.5: Reviewing systemd Journal Entries

Section 11.6: Guided Exercise: Finding Events With journalctl

Section 11.7: Preserving the systemd Journal

Section 11.8: Guided Exercise: Configure a Persistent systemd Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Adjusting System Time

Section 11.11: Lab: Analyzing and Storing Logs

Chapter 12: Logical Volume Management

Section 12.1: Managing Logical Volumes

Section 12.2: Guided Exercise: Adding a Logical Volume

Section 12.3: Extending Logical Volumes

Section 12.4: Guided Exercise: Extending a Logical Volume

Section 12.5: Lab: Managing Logical Volume Management (LVM) Storage

Chapter 13: Scheduled Processes

Section 13.1: Scheduling System cron Jobs

Section 13.2: Guided Exercise: Scheduling System cron Jobs

Section 13.3: Managing Temporary Files

Section 13.4: Guided Exercise: Managing Temporary Files

Chapter 14: Mounting Network File Systems

Section 14.1: Mounting Network Storage with NFS

Section 14.2: Guided Exercise: Mounting and Unmounting NFS

Section 14.3: Automounting Network Storage with NFS

Section 14.4: Guided Exercise: Automounting NFS

Section 14.5: Accessing Network Storage with SMB

Section 14.6: Guided Exercise: Mounting a SMB File System

Section 14.7: Lab: Accessing Network Storage with Network File System (NFS)

Section 14.8: Lab: Accessing Network Storage with SMB

Chapter 15: Firewall Configuration

Section 15.1: Limiting Network Communication

Section 15.2: Guided Exercise: Limiting Network Communication

Section 15.3: Lab: Limiting Network Communication

Chapter 16: Virtualization and Kickstart

Section 16.1: Defining the Anaconda Kickstart System

Section 16.2: Quiz: Kickstart File Syntax and Modification

Section 16.3: Deploying a New Virtual System with Kickstart

Section 16.4: Guided Exercise: Installing a System Using Kickstart

Section 16.5: Managing a Local Virtualization Host

Section 16.6: Quiz: Managing a Local Virtualization Host

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Guided Exercise: Changing SELinux Contexts

In this lab, you will persistently change the SELinux context of a directory and its contents.

Resources
Files:	`/etc/httpd/conf/httpd.conf`
Machines:	`serverX`

Outcomes

You will have a web server that publishes web content from a non-standard document root.

You should have a working RHEL 7 system with SELinux in enforcing mode.

Log in as root on serverX. Use yum to install the Apache web server.
```
[root@serverX ~]# yum install -y httpd
```
Configure Apache to use a document root in a non-standard location.
1. Create the new document root, /custom.
```
[root@serverX ~]# mkdir /custom
```
2. Create the index.html with some recognizable content.
```
[root@serverX ~]# echo 'This is serverX.' > /custom/index.html
```
3. Configure Apache to use the new location. You need to replace the two occurrences of “/var/www/html” with “/custom” in the Apache configuration file, /etc/httpd/conf/httpd.conf.
```
[root@serverX ~]# vi /etc/httpd/conf/httpd.conf
[root@serverX ~]# grep custom /etc/httpd/conf/httpd.conf
DocumentRoot "/custom"
<Directory "/custom">
```

Start the Apache web service.

[root@serverX ~]# systemctl start httpd

Open a web browser on serverX and try to view the following URL: http://localhost/index.html. You will get an error message that says you do not have permission to access the file.
Define a SELinux file context rule that sets the context type to httpd_sys_content_t for /custom and all the files below it.
```
[root@serverX ~]# semanage fcontext -a -t httpd_sys_content_t '/custom(/.*)?'
```

Use restorecon to change their contexts.

[root@serverX ~]# restorecon -Rv /custom
restorecon reset /custom context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /custom/index.html context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0

Try to view http://localhost/index.html again. You should see the message “This is serverX.” displayed.

Revision: rh199-7-d0984a3