Lab SELINUX - LouisNajdek/sec440 GitHub Wiki

sudo yum install httpd

sudo vi /etc/httpd/conf/httpd.conf, change the Listen port to 8080

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp

Create the following user accounts: regularuser, switcheduser, guestuser, restricteduser

Install the following packages:

sudo yum install policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

Use ls -lZ to view the SELinux context of files

restorecon restores the default SELinux context on a file or on the files in a directory

Apache userdir

Edit /etc/httpd/conf.d/userdir.conf to enable UserDir. To enable it for a specific user, use the directive UserDir enabled USER_NAME

Restart Apache

chmod 711 /home/USER_NAME

sudo chown USER_NAME:USER_NAME /home/USER_NAME/workspace

chmod 755 /home/USER_NAME/workspace

sudo setsebool -P httpd_enable_homedirs true

sudo chcon -R -t httpd_sys_content_t /home/USER_NAME/workspace

Change SSH port

sudo vi /etc/ssh/sshd_config, uncomment the #Port 22 line and change it to the desired port.

Label the new port as an SSH port in SELinux with sudo semanage port -a -t ssh_port_t -p tcp 2222 (or whichever port you chose)

Verify with sudo semanage port -l | grep ssh

sudo firewall-cmd --add-port=2222/tcp --permanent && sudo firewall-cmd --reload
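
A check for the SSH port steps above, added here as an example and not part of the original wiki page: it compares the Port directives in sshd_config with the tcp ports labelled ssh_port_t and prints any configured port that lacks the label the semanage step is meant to add. The function names and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page. Sample inputs are constructed.

# Print tcp ports labelled ssh_port_t in `semanage port -l` output (stdin),
# one per line, expanding ranges such as 2200-2202.
ssh_labelled_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(",", "", $i)
            n = split($i, r, "-")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            for (p = lo; p <= hi; p++) print p
        }
    }'
}

# Print the ports sshd is configured to listen on (sshd_config on stdin).
# Commented-out lines are skipped; with no Port directive sshd uses 22.
sshd_config_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Print each configured sshd port that lacks the ssh_port_t label.
# $1 = sshd_config text, $2 = `semanage port -l` text.
unlabelled_sshd_ports() {
    allowed=$(printf '%s\n' "$2" | ssh_labelled_ports)
    printf '%s\n' "$1" | sshd_config_ports | while read -r port; do
        printf '%s\n' "$allowed" | grep -qx "$port" || echo "$port"
    done
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SSHD_CONFIG='#Port 22
Port 2222
Port 2022
PermitRootLogin no'
SAMPLE_SEMANAGE='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      2222, 22'

# On a real host: unlabelled_sshd_ports "$(sudo cat /etc/ssh/sshd_config)" "$(sudo semanage port -l)"
unlabelled_sshd_ports "$SAMPLE_SSHD_CONFIG" "$SAMPLE_SEMANAGE"   # prints 2022
```

Empty output means every configured port already carries the ssh_port_t label.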