General Information

This page covers the Network Services objectives, specifically for the Apache Web Server.

Network Services Objectives

• Install the packages needed to provide the service
• Configure SELinux to support the service
• Use SELinux port labeling to allow services to use non-standard ports
• Configure the service to start when the system is booted
• Configure the service for basic operation
• Configure host-based and user-based security for the service

Install Apache Web Server (httpd)

yum install httpd

• Service agnostic → Ensure SELinux is running and enabled.

Configuring the Apache Web Server with a non standard port and allowing port access with selinux.

NOTE: “man semanage-port” has examples for allowing non-standard ports!

Change httpd port

vim /etc/httpd/conf/httpd.conf
 
Listen 8282

Restart httpd service

systemctl stop httpd
systemctl start httpd

• service should fail to start

See why

systemctl status httpd -l

• Should see permission denied to make socket 8282

View http ports SELinux allows

semanage port -l | grep http

Label port 8282 for the http service

semanage port -a -t http_port_t -p tcp 8282

• semanage port → SELinux port mapping tool
• -a → add a record
• -t http_port_t → Type http_port_t
• -p tcp → Protocol tcp
• 8282 → the port

Check Current Service Status

systemctl status httpd

• Also displays if the service is enabled or disabled

Enabling a service to start on boot

systemctl enable httpd

• Basic systemctl service control.

Start the service

systemctl start httpd

Allow access through the firewall

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload