Manage SELinux Port Labels

Introduction

In this challenge, you will learn how to manage SELinux port labels. SELinux is a security feature in Linux that provides mandatory access control (MAC) over processes and files. One aspect of SELinux is the ability to label network ports, which can be used to control access to network services. In this challenge, you will learn how to view, modify, and restore SELinux port labels.

Skills Graph

Manage SELinux Port Labels

Tasks

• View the current SELinux port labels on your system
• Modify an existing SELinux port label
• Restore the default SELinux port label for a port

Requirements

• All operations must be performed as the labex user
• You must work in the /home/labex directory or a subdirectory within it
• You must use the semanage command to manage SELinux port labels
• You must provide the output of relevant commands to demonstrate your work

Example

Before modifying the SELinux port label, the output of semanage port -l | grep http might look like this:

http_port_t                    80/tcp
http_port_t                    81/tcp
http_port_t                    443/tcp

After modifying the SELinux port label, the output might look like this:

http_port_t                    80/tcp
http_port_t                    81/tcp
http_port_t                    443/tcp
my_http_port_t                 8080/tcp

Summary

In this challenge, you learned how to manage SELinux port labels using the semanage command. You were able to view the current SELinux port labels, modify an existing label, and restore the default label for a port. This knowledge is important for configuring and securing network services on systems with SELinux enabled.