###############################################
# Some parsing examples on the exercise files #
###############################################

#### To get just the commands that were run
treehouse:SELinux ben$ cat ex2_httpd_directory.txt | egrep "^\[root" | sed s:"^.*\]# "::
yum group install "basic web server"
systemctl enable httpd
systemctl start httpd
firewall-cmd --list-all
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
firewall-cmd --list-all
ss -lntp | grep httpd
grep ^DocumentRoot /etc/httpd/conf/httpd.conf 
echo "original" > /var/www/html/index.html
curl http://localhost
mkdir -p /webcontent/html
echo "new" > /webcontent/html/index.html
systemctl reload httpd
ss -lntp | grep httpd
curl http://localhost
ls -laZR /webcontent/
semanage -l | grep httpd_sys_content_t
yum provides semanage
yum install -y policycoreutils-python
semanage fcontext -l | grep httpd_sys_content_t
semanage fcontext -a -t httpd_sys_content_t '/webcontent(/.*)?'
semanage fcontext -l | grep httpd_sys_content_t
restorecon -vvFR /webcontent/
ls -laZR /webcontent/
curl http://localhost
sealert -a /var/log/audit/audit.log 
grep httpd /var/log/audit/audit.log | audit2allow -M mypol
cat mypol.te 

#### To get just the comments
treehouse:SELinux ben$ cat ex2_httpd_directory.txt | egrep "^#### "
#### Objective: Install, configure, and start httpd to serve content from /webcontent
#### Basic steps:
#### - Install httpd
#### - Start and enable service
#### - Add port to firewall
#### - Update httpd config to serve from /webcontent
#### - Add correct label for /webcontent to default policy
#### - Start/restart httpd
#### Full solution:
#### Install packages for apache (httpd)
#### start/enable httpd service, and  make hole in firewall for tcp/8001
#### httpd is now listening on 80 and 443
#### Observe in /etc/httpd/conf/httpd.conf what your document root is
#### Create a recognizable page in /var/www/html
#### Verify that you get the original page from the web server
#### Create a new directory for web content and create new index page
#### Update httpd configuration to point to new location
#### change 'DocumentRoot "/var/www/html"' to 'DocumentRoot "/webcontent/html"'
#### and add the following right below it
#### Reload httpd config and verfiy service is still up
#### Try to get the webpage
#### You should get the default CentOS apache landing page
#### From /var/log/httpd/error_log
#### From /var/log/audit/audit.log
#### Nothing in /var/log/messages or service logs (systemctl status httpd)
#### The audit log errors look like file label issues
#### Let's check the label on our index file, doesn't look right
#### Check to see what the label is in the default policy, but wait no semanage command
#### What package is that from?
#### Great, let's install it
#### Now let's check the default policy for httpd_sys_content_t
#### Update default policy to include correct label for /webcontent and it's sub-directories, and check it's there
#### Apply the labels and verify
#### You don't even have to reload httpd config so just verify that it works
#### Success!
#### If you're familiar with the error, then the output above from audit.log may give you enough clues
#### But here is one thing that you can do to make unknown errors more understandable
#### install setroubleshoot-server package
#### Run sealert on /var/log/audit/audit.log
#### The sealert output actually gives me some commands to run to fix it. Let's try the second method
#### This looks like it was trying to fix http trying to get file attributes on a file
#### Its method fixing it is to allow httpd_t to get attributes on default_t (basically most) files
#### This is probably not the fix that you want, so beware
#### The method in the first alert was actually what we want to do, though that may not
#### have been very clear from the way it was stated
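
Added example, not part of the original exercise files: the two filters above combined into one pass that keeps comments and commands in their original order. It strips only the leading prompt, so a command that itself contains "]# " is not cut short the way the greedy "^.*\]# " pattern would cut it. The sample transcript, the host name centos7 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the same shape as the exercise files:
# "#### " comment lines, "[root@host dir]# " prompts, and command output.
sample_transcript() {
cat <<'EOF'
#### Apply the labels and verify
[root@centos7 ~]# restorecon -vvFR /webcontent/
restorecon reset /webcontent context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@centos7 ~]# echo "[done]# not a prompt"
[done]# not a prompt
#### Success!
EOF
}

# Commands only (reads stdin). [^]]* stops at the first "]", so only the
# prompt itself is removed and the rest of the line is kept whole.
exercise_commands() {
    sed -n 's/^\[root[^]]*\]# //p'
}

# Comments and commands interleaved in file order (reads stdin).
# Comments are printed as "# text", commands as "$ text"; output is dropped.
exercise_steps() {
    awk '
        /^#### /  { sub(/^#### /, ""); print "# " $0; next }
        /^\[root/ { if (sub(/^\[root[^]]*\]# /, "")) print "$ " $0 }
    '
}

# Stand-alone run on the constructed sample.
sample_transcript | exercise_steps
```

To use it on a real file: exercise_steps < ex2_httpd_directory.txt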

