From the course: Red Hat Enterprise Linux 8 Essential Training


Manage SELinux for web services


- [Instructor] Like any service that's outward facing, Apache has a large attack surface. It's a very well-written piece of software, and it's secure, but it also benefits from being protected by SELinux. A lot of functionality is denied in the base configuration. If you want Apache to do anything outside the norm, you will need to change an SELinux boolean or two. On our Hhost1 in the terminal, let's get a list of SELinux booleans for Apache by using getsebool. Type in getsebool -a | grep httpd and hit enter. And go ahead and scroll up to the top of the list. A few booleans that are important are httpd_anon_write, which allows Apache to write to any directory with the type of public_content_rw_t. This could be an existing directory, or you can change the security context of a directory manually, and with the booleans set, access it with Apache. By setting httpd_can_check_spam, you can have Apache check for spam. To get Apache to act as a network relay, set httpd_can_network_relay. If you…
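The listing step described in the transcript can be turned into a baseline check. The following is an added example, not part of the course material: it parses `getsebool -a` style output and reports every httpd boolean that is on but not approved. The `APPROVED_ON` list and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag httpd SELinux booleans that are on but not approved.
# APPROVED_ON is a hypothetical site baseline, not a Red Hat default list.
APPROVED_ON="httpd_builtin_scripting httpd_enable_cgi"

# Reads `getsebool -a` style lines ("name --> on|off") on stdin and prints
# each httpd_* boolean that is on and missing from APPROVED_ON.
audit_httpd_booleans() {
    awk -v approved="$APPROVED_ON" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^httpd_/ && $2 == "-->" && $3 == "on" && !($1 in ok) { print $1 }
    '
}

# Constructed sample output (not captured from a real host).
sample_output() {
    cat <<'EOF'
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_relay --> on
httpd_enable_cgi --> on
nis_enabled --> off
EOF
}

# On a real host: getsebool -a | audit_httpd_booleans
unexpected=$(sample_output | audit_httpd_booleans)
if [ -n "$unexpected" ]; then
    echo "Enabled httpd booleans outside the baseline:"
    echo "$unexpected"
fi
```

A boolean reported here can be switched off persistently with `setsebool -P <name> off` once it is confirmed that the web service does not need it.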
