Learn › RHCSA (EX200)
Security
Configure firewalld zones and rules. Set up SSH key-based authentication. Manage SELinux modes, file contexts, port labels, and booleans. Diagnose and resolve AVC denials.
Labs in this module
- firewalld: Zones and Rich Rules - Go deeper than firewalld first contact: a zone is a named trust level bound to interfaces and source addresses. See the live ones with firew
- SSH Key-Based Authentication - Replace typed passwords with a cryptographic key pair so logins, and scripts, work without a prompt. Generate the RHEL 10 default with ssh-k
- SELinux Modes - Read and change the SELinux mode, the first move in every SELinux problem. Three modes: Enforcing (blocks and logs), Permissive (logs only),
- SELinux File and Process Contexts - Every file and process on RHEL carries a SELinux security context, four colon-separated fields user:role:type:level. The third field, the ty
- restorecon and semanage fcontext - Fix the SELinux label that blocks a service even when permissions look fine. restorecon resets a file to the type the policy expects and is
- SELinux Port Labels - Let a service listen on a nonstandard port under Enforcing SELinux. SELinux keeps its own list of which TCP ports each service type may bind
- Booleans and AVC Diagnosis - SELinux booleans are named on/off switches that toggle whole chunks of policy without writing rules. Read one with getsebool NAME, flip it p
- Mission Control: Operation Lockdown - The RHCSA security capstone on a real RHEL 10 machine. A firewalld rich rule, key-based SSH, a SELinux port label, a SELinux boolean, and a