January 2018
Intermediate to advanced
376 pages
8h 45m
English
Content preview from Mastering Linux Security and Hardening
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Hands-on lab – SELinux Booleans and ports
In this lab, you'll view the effects of having Apache try to listen on an unauthorized port:
- View the ports that SELinux allows the Apache web server daemon to use:
sudo semanage port -l | grep 'http'
- Open the /etc/httpd/conf/httpd.conf file in your favorite text editor. Find the line that says Listen 80 and change it to Listen 82. Restart Apache by entering the following:
sudo systemctl restart httpd
- View the error message you receive by entering:
sudo tail -20 /var/log/messages
- Add port 82 to the list of authorized ports and restart Apache:
sudo semanage port -a 82 -t http_port_t -p tcp sudo semanage port -l sudo systemctl restart httpd
- Delete the port that you just added:
sudo semanage ...