LabEx
Log InJoin Free

Manage SELinux Port Labels

Red Hat Enterprise LinuxIntermediate
Practice Now

Introduction

Security-Enhanced Linux (SELinux) is a critical security mechanism in Red Hat Enterprise Linux that enforces mandatory access control (MAC) policies. A key aspect of this is labeling, which extends to network ports. By assigning specific SELinux labels to ports, you can control which services are allowed to bind to them.

In this challenge, you will practice managing SELinux port labels. You will learn how to view existing port definitions, add a new label to permit a service on a non-standard port, and then remove that definition to restore the original policy.

Manage SELinux Port Labels

Imagine you are a system administrator who needs to configure a web server to run on a non-standard port, 8081. By default, SELinux will prevent the web server process (e.g., httpd) from binding to this port because it lacks the correct SELinux label. Your task is to use the semanage utility to temporarily add the correct label to port 8081 and then remove it.

Tasks

  • View the existing SELinux port labels associated with the HTTP service.
  • Add a new rule to label TCP port 8081 with the http_port_t type, allowing web servers to use it.
  • After confirming the new rule, delete the custom rule for TCP port 8081 to revert the change.

Requirements

  • All commands must be executed as the labex user. Use sudo where administrative privileges are required.
  • All operations must be performed in the /home/labex directory.
  • You must use the semanage command to manage SELinux port labels.

Example

Before you add the new port label, querying for http_port_t will show the default ports:

## sudo semanage port -l | grep http_port_t
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988

After you add a rule for port 8081, the output should include the new port:

## sudo semanage port -l | grep http_port_t
http_port_t                    tcp      8081, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988

Summary

In this challenge, you have learned the fundamental operations for managing SELinux network port labels. You practiced using the semanage port command to view existing policies, add a new port definition with semanage port -a, and remove it with semanage port -d. Properly labeling ports is a crucial skill for deploying network services securely on an SELinux-enabled system like Red Hat Enterprise Linux.

✨ Check Solution and Practice
Related Red Hat Enterprise Linux Courses
Red Hat System Administration (RH124) Certification Labs

Red Hat System Administration (RH124) Certification Labs

rhellinux
Red Hat System Administration (RH134) Certification Labs

Red Hat System Administration (RH134) Certification Labs

rhellinux
Red Hat Enterprise Linux Automation with Ansible (RH294) Certification Labs

Red Hat Enterprise Linux Automation with Ansible (RH294) Certification Labs

rhelansiblelinux