
Red Hat Linux 9: Setting the SELinux context for service ports


2024 01 03 13 15 50

Managing Port Access

Managing file context is a key skill on the exam, but it is not the only skill that matters. When services are configured to listen on a nondefault port, you'll need to set the appropriate context on the port or access will be denied.

To set a port label, use semanage port. If, for instance, you want your Apache web server to offer services on port 8008, use semanage port -a -t http_port_t -p tcp 8008. After changing the port label, you don't have to run the restorecon utility; the change will be effective immediately. In Exercise 22-5 you'll learn how to change a port label.

Exercise 22-5 Changing Port Labels

1. From a root shell, type vim /etc/httpd/conf/httpd.conf. Find the line that starts with Listen and change it so that it reads Listen 82.
2. Use systemctl restart httpd to restart the Apache server with this new setting. You will see an error message.
3. Type systemctl status httpd. The log messages show “Permission denied … could not bind to address 0.0.0.0:82.”
4. Use setenforce 0 to set SELinux to permissive mode and systemctl restart httpd to restart Apache. It will now work, so you have confirmed that the problem is caused by SELinux.
5. Type setenforce 1 to switch back to enforcing mode.
6. Type semanage port -a -t http_port_t -p tcp 82 to apply the correct port label.
7. Use systemctl restart httpd. It will now restart without any issues.
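
Before step 6 it helps to check how the port is currently labeled, because semanage port -a is rejected when the exact port is already defined and -m is needed instead. The helper below is an added example, not part of the original exercise: it reads semanage port -l output on stdin and picks the action. The function names and the sample listing are constructed for illustration.

```bash
#!/bin/sh
# Added example: choose the semanage action for a port from `semanage port -l` text.

# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
reserved_port_t                tcp      1-511
unreserved_port_t              tcp      61001-65535, 1024-32767'

# port_label_action TYPE PROTO PORT   (listing on stdin)
# Prints "ok" if PORT already carries TYPE,
#        "-m" if the exact port is defined under a different type,
#        "-a" if no exact entry exists (a covering range such as 1-511 does not count).
port_label_action() {
  awk -v want="$1" -v proto="$2" -v port="$3" '
    NR > 1 && $2 == proto {
      for (i = 3; i <= NF; i++) {
        p = $i
        sub(/,$/, "", p)              # strip the list separator
        if (p == port) {
          if ($1 == want) ok = 1; else other = 1
        }
      }
    }
    END {
      if (ok)         print "ok"
      else if (other) print "-m"
      else            print "-a"
    }'
}

# suggest_command TYPE PROTO PORT   (listing on stdin)
# Prints the semanage command to run, or a comment if nothing needs changing.
suggest_command() {
  action=$(port_label_action "$1" "$2" "$3")
  if [ "$action" = "ok" ]; then
    echo "# $2/$3 is already labeled $1"
  else
    echo "semanage port $action -t $1 -p $2 $3"
  fi
}

# On a real host (as root): semanage port -l | suggest_command http_port_t tcp 82
printf '%s\n' "$SAMPLE_LISTING" | suggest_command http_port_t tcp 82
```

After applying the label, semanage port -l | grep http_port_t shows whether the port now appears under http_port_t.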


by Le Hoang Long Long
