LearnRHCSA (EX200)Security

Mission Control: Operation Lockdown

semanage - a hands-on Linux lab on a real virtual machine.

The RHCSA security capstone on a real RHEL 10 machine. A firewalld rich rule, key-based SSH, a SELinux port label, a SELinux boolean, and a relabeled web root, with SELinux Enforcing, graded on live end-state. Mission mode.

You have finished the Security module, the last one before the exam. Now you harden a real RHEL 10 machine: a firewall rich rule, key-based SSH, a SELinux port label, a SELinux boolean, and a relabeled web root. SELinux stays Enforcing the whole time. Every piece is graded on the live result, exactly like the exam.

Five objectives, one real machine. This is the capstone that ties SELinux, firewalld, and SSH together.

This is mission mode. No commands are shown. You read the objective, recall the tool, and harden the system. You will need root, so reach for sudo. Progress checks itself.

One quick rep before you start. SELinux is the theme of this mission, so confirm it is switched on and enforcing.

prompt: [root@servera ~]# answer: getenforce output: Enforcing hint: getenforce prints the current SELinux mode in one word: getenforce

Enforcing means SELinux is actively blocking and logging, so your port label, boolean, and file context all have to be right. Leave it Enforcing. Now lock the machine down.

Boot the machine below and take the console. Read ~/LOCKDOWN.txt for the checklist. Five objectives: a firewalld rich rule allowing ssh from 10.20.0.0/24, key-based ssh for student to localhost, the SELinux port label for tcp 8404, the SELinux boolean httpd_can_network_connect on persistently, and the /web directory relabeled to httpd_sys_content_t. Keep SELinux Enforcing, and make every change persistent.

Practice Mission Control: Operation Lockdown in a real Linux terminal at The Linux Camp. Progress is verified automatically as you type commands on the machine.