Linux+ Security: Implement SELinux
In this lab, you will gain practical experience managing the different SELinux modes and configuring the SELinux configuration file. You will also learn how to inspect the context of a file, directory, or process, and how to change the SELinux context of files and directories using the chcon and semanage commands. For example, you will change the context type of the root directory of the Apache web server temporarily, and then make the change permanent by modifying the SELinux policy. Finally, you will explore how to configure SELinux booleans.
Challenge
Get Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Manage SELinux Modes
To start the lab, you will gain hands-on experience in understanding the different modes of SELinux and its configuration file. You will also learn how to switch between permissive mode and enforcing mode on a running system, and how to make these changes permanent by modifying the SELinux configuration file.
Examine the SELinux Context
You will now learn how to inspect the context of a file, directory, or process. This will help you understand which processes can access specific files, directories, and ports. You will also explore how SELinux assigns labels to processes and files through a context, which includes details such as an SELinux user, role, type, and, optionally, a level.
Change the Context Type
Your objective is to modify the context type of the root directory in the Apache web server, and then check the response of the Apache web page.
Configure SELinux Booleans
In this challenge, you will learn how to list and obtain information about SELinux booleans on the server. This includes the current status, default status, and description of each boolean. Additionally, you will practice changing the SELinux boolean setting of ftp_home_dir from off to on.
Change the SELinux Context Type Permanently
To finish this lab, you will learn how to change the SELinux context type of files and directories using the semanage and chcon commands. First, you will create a new root directory for the Apache web server called /webpage. Until you change the context type of this directory from the default to httpd_sys_content_t, the Apache process will not be able to access the web content placed in the /webpage directory. You will then learn how to make these changes permanent by adding them to the SELinux policy using the semanage command.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Recommended prerequisites
- Basic knowledge of Linux commands.
- Knowledge of how to use vim is useful.
- Familiarity with concepts in the video course CompTIA Linux+: Security.