From the course: Red Hat Enterprise Linux 8 Essential Training

Deploy a basic CGI application

From the course: Red Hat Enterprise Linux 8 Essential Training

Start my 1-month free trial

Deploy a basic CGI application

- [Instructor] For this exercise, you'll want to be logged into rhhost1 with a terminal open. We will run a script under CGI that displays some information about the web server. I've created a CGI script for you and included it in the exercise files for this chapter. You'll want to copy the loggedin.sh file to /var/www/cgi-bin, once you've done that, let's take a look at it. Type in less /var/www/cgi-bin/loggedin.sh and hit enter. It's a very simple script that presents some html on the screen and runs the date command. It also runs the who command. Now let's see it work, press Q to quit. Now let's make it executable by typing in sudo chmod +x/var/www/cgi-bin/loggedin.sh and hit enter. We need to turn on an SELinux boolean to allow CGI scripts. Type in clear and then type in sudo setsebool -P httpd_enable_cgi 1 and hit enter. Now let's restart Apache, type in sudo systemsctl restart httpd. Now let's test it using Firefox. Type in firefox rhhost1.localnet.com/cgi-bin/loggedin.sh. You will notice that it does not show which users are logged in, also, a SELinux alert has popped up. If you click on show alert, we can see why. Click on details and we can see that SELinux has prevented the who command from reading the UTMP file. SELinux keeps a close eye on which commands are accessing which resources. If we wanted to continue, we'd walk through the suggestions to get SELinux to allow our script to execute. If we wanted to run our CGI script from a non-standard location, we'd want to change our SELinux security context using semanage fcontext. The security context we'd want to change it to would by httpd_assist_script_exact_t.

Contents