5. Using SELinux | Red Hat Enterprise Linux Server Cookbook

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Red Hat Enterprise Linux Server Cookbook

By : Jakub Gaj, Leemans

5 (6)

Red Hat Enterprise Linux Server Cookbook

5 (6)

By: Jakub Gaj, Leemans

Overview of this book

Dominating the server market, the Red Hat Enterprise Linux operating system gives you the support you need to modernize your infrastructure and boost your organization’s efficiency. Combining both stability and flexibility, RHEL helps you meet the challenges of today and adapt to the demands of tomorrow. This practical Cookbook guide will help you get to grips with RHEL 7 Server and automating its installation. Designed to provide targeted assistance through hands-on recipe guidance, it will introduce you to everything you need to know about KVM guests and deploying multiple standardized RHEL systems effortlessly. Get practical reference advice that will make complex networks setups look like child’s play, and dive into in-depth coverage of configuring a RHEL system. Also including full recipe coverage of how to set up, configuring, and troubleshoot SELinux, you’ll also discover how secure your operating system, as well as how to monitor it.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Conventions

Reader feedback

Customer support

Free Chapter

1. Working with KVM Guests

1. Working with KVM Guests

Introduction

Installing and configuring a KVM

Configuring resources

Building guests

Adding CPUs on the fly

Adding RAM on the fly

Adding disks on the fly

Moving disks to another storage

Moving VMs

Backing up your VM metadata

2. Deploying RHEL "En Masse"

2. Deploying RHEL "En Masse"

Introduction

Creating a kickstart file

Publishing your kickstart file using httpd

Deploying a system using PXE

Deploying a system using a custom boot ISO file

3. Configuring Your Network

3. Configuring Your Network

Introduction

Creating a VLAN interface

Creating a teamed interface

Creating a bridge

Configuring IPv4 settings

Configuring your DNS resolvers

Configuring static network routes

4. Configuring Your New System

4. Configuring Your New System

Introduction

The systemd service and setting runlevels

Starting and stopping systemd services

Configuring the systemd journal for persistence

Monitoring services using journalctl

Configuring logrotate

Managing time

Configuring your boot environment

Configuring smtp

5. Using SELinux

5. Using SELinux

Introduction

Changing file contexts

Configuring SELinux booleans

Configuring SELinux port definitions

Troubleshooting SELinux

Creating SELinux policies

Applying SELinux policies

6. Orchestrating with Ansible

6. Orchestrating with Ansible

Introduction

Install Ansible

Configuring the Ansible inventory

Creating a template for a kickstart file

Creating a playbook to deploy a new VM with kickstart

Creating a playbook to perform system configuration tasks

Troubleshooting Ansible

7. Puppet Configuration Management

7. Puppet Configuration Management

Introduction

Installing and configuring Puppet Master

Installing and configuring the Puppet agent

Defining a simple module to configure time

Defining nodes and node grouping

Deploying modules to single nodes and node groups

8. Yum and Repositories

8. Yum and Repositories

Introduction

Managing yum history

Creating a copy of an RHN repository

Configuring additional repositories

Setting up yum to automatically update

Configuring logrotate for yum

Recovering from a corrupted RPM database

9. Securing RHEL 7

9. Securing RHEL 7

Introduction

Installing and configuring IPA

Securing the system login

Configuring privilege escalation with sudo

Secure the network with firewalld

Using kdump and SysRq

Using ABRT

Auditing the system

10. Monitoring and Performance Tuning

10. Monitoring and Performance Tuning

Introduction

Tuning your system's performance

Setting up PCP – Performance Co-Pilot

Monitoring basic system performance

Monitoring CPU performance

Monitoring RAM performance

Monitoring storage performance

Monitoring network performance

Index

Index

Configuring SELinux port definitions

SELinux also controls access to your TCP/IP ports. If your application is confined by SELinux, it will also deny access to your ports when starting up the application.

This recipe will show you how to detect which ports are used by a particular SELinux type and change it.

How to do it…

Let's allow the HTTP daemon to listen on the nonstandard port 82 through the following steps:

First, look for the ports that are accessed by HTTP via these commands:

~# semanage port -l |grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
~#

The SELinux port assignment we're looking for is http_port_t. As you can see, only the displayed ports (80, 81, 443, 488, 8008, 8009, 8443, and 9000) are allowed to be used to listen on by any process...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Red Hat Enterprise Linux Server Cookbook

Search

Your notes and bookmarks