From the course: Red Hat Enterprise Linux 8 Essential Training
Unlock the full course today
Join today to access over 22,400 courses taught by industry experts or purchase this course individually.
Manage SELinux for web services
From the course: Red Hat Enterprise Linux 8 Essential Training
Manage SELinux for web services
- [Instructor] Like any service that's outward facing, Apache has a large attack surface. It's a very well written piece of software, and it's secure, but also benefits by being protected by SELinux. A lot of functionality is denied in the base configuration. If you want Apache to do anything outside the norm, you will need to change an SELinux boolean or two. On our Hhost1 in the terminal, lets get a list of SELinux booleans for Apache by using getsebool. Type in getsebool -a | grep httpd and hit enter. And go ahead and scroll up to the top of the list. A few booleans that are important are httpd_anon_write which allows Apache to write to any directory with the type of public_content_rw_t. This could be an existing directory, or you can change the security context of a directory manually, and with the booleans set, access it with Apache. By setting httpd_can_check_spam, you can have Apache check for spam. To get Apache to act as a network relay, set httpd_can_network_relay. If you…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
-
-
-
-
-
Web services introduction44s
-
Install and configure Apache4m 47s
-
Manage SELinux for web services3m 22s
-
Configure a basic Apache web server2m 6s
-
Configure access control on directories2m 2s
-
Configure private access using basic auth7m 24s
-
Configure group-managed content7m 32s
-
Configure a virtual host5m 36s
-
Configure a virtual host on a nonstandard port6m 5s
-
Configure a secure virtual host4m 24s
-
Deploy a basic CGI application2m 24s
-
Generating key pairs and self-signed certificates4m 28s
-
Challenge: Web services private site53s
-
Solution: Web services private site6m 25s
-
Deploy a basic CGI application2m 13s
-
-
-
-
-
-