linux_wiki:network_services_overview_apache_web_server

Differences

This shows you the differences between two versions of the page.

linux_wiki:network_services_overview_apache_web_server [2016/10/06 21:11]
billdozor [SELinux: Configure Non Standard Port]
linux_wiki:network_services_overview_apache_web_server [2019/05/25 23:50] (current)
Line 12: Line 12:
   * Configure the service for basic operation   * Configure the service for basic operation
   * Configure host-based and user-based security for the service   * Configure host-based and user-based security for the service
 +
 +----
 +
 +====== Lab Setup ======
 +
 +The following virtual machines will be used:
 +  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
 +  * server2.example.com (192.168.1.151) -> Install Apache Web Server here
  
 ---- ----
Line 36: Line 44:
  
   * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].   * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].
 +  * **IMPORTANT**: View all label types<code bash># Install package
 +yum install setools-console
 +
 +# View all label types
 +seinfo -t
 +
 +# Find Apache types
 +seinfo -t | grep httpd
 +</code>
  
 ---- ----
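Review bot: The new bullet is flagged IMPORTANT but never says what the reader should do with the type list, and the filter in `seinfo -t | grep httpd` is narrower than the `grep http` used in the port-label tip further down, so any type whose name contains `http` but not `httpd` is dropped from the output. Add a sentence saying which later step these types feed into, and consider `seinfo -t | grep http` so the two commands agree. The `yum install setools-console` line also needs root, which its comment could state.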
Line 46: Line 63:
   * Tip: To see current port labels<code bash>semanage port -l | grep http</code>   * Tip: To see current port labels<code bash>semanage port -l | grep http</code>
  
----- 
  
 __**Change HTTPD's Port**__ __**Change HTTPD's Port**__
Line 72: Line 88:
   * Should see permission denied to make socket 8282   * Should see permission denied to make socket 8282
  
----- +\\
 __**SELinux: Configure Non Standard Port**__ __**SELinux: Configure Non Standard Port**__
  
Line 126: Line 141:
 Allow access through the firewall Allow access through the firewall
 <code bash> <code bash>
 +# Standard http/https ports
 firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=http
 firewall-cmd --permanent --add-service=https firewall-cmd --permanent --add-service=https
 +firewall-cmd --reload
 +
 +# Non-standard port example
 +firewall-cmd --permanent --add-port=8282/tcp
 firewall-cmd --reload firewall-cmd --reload
 </code> </code>
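Review bot: Run top to bottom, this block now opens 80, 443 and 8282/tcp, because the added "Non-standard port example" sits in the same code block as the http/https services with nothing marking the two as alternatives. If httpd has been moved to 8282 as in the port-change section, only that port needs to be open; say so in the comment or split the block in two so readers open only the port in use. The added `firewall-cmd --reload` after the two services also makes the block reload twice; a single reload after the last `--permanent` change is enough.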
Line 135: Line 155:
 /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf
 <code bash> <code bash>
-<RequireAll+<Directory "/var/www/html"
-  Require host myserver.local +   
-  Require not host notmyserver.local +  # Blacklist "server1" 
-</RequireAll>+  <RequireAll> 
 +    Require all granted 
 +    Require not host server1 
 +  </RequireAll
 +   
 +</Directory>
 </code> </code>
-  * The above will allow access from myserver.local, but deny notmyserver.local from accessing the web server+  * The above will allow access from all hosts except "server1" 
 +  * Must be inside of a <Directory> context. 
 ===== User Based ===== ===== User Based =====
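Review bot: `Require not host server1` matches on the name that the client's address resolves to, and the Lab Setup lists that client as server1.example.com (192.168.1.150), so the short name `server1` only takes effect if reverse resolution on the web server returns a name that matches it. Use the full name from the lab setup or `Require not ip 192.168.1.150`, and add a bullet stating the name-resolution dependency. Since the lab runs all connectivity tests from server1, this example only exercises the denied path; mention a second client (or a local request on server2) for confirming that other hosts are still allowed. The block is also tagged `<code bash>` although it holds Apache configuration.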
  
  • linux_wiki/network_services_overview_apache_web_server.1475802713.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)