Manage contacts for security
Why choose airSlate SignNow
- Free 7-day trial. Choose the plan you need and try it risk-free.
- Honest pricing for full-featured plans. airSlate SignNow offers subscription plans with no overages or hidden fees at renewal.
- Enterprise-grade security. airSlate SignNow helps you comply with global security standards.
With airSlate SignNow, businesses can enjoy the benefits of a seamless digital signing experience, improved efficiency, and enhanced security features to protect sensitive information.
Experience the convenience of managing contacts securely with airSlate SignNow today!
How to create outlook signature
Hello and welcome back to the channel. My name is Eddie Jennings from ejsllc.com. This video is going to be another in my RHCE practice session series for the Red Hat Certified Engineer exam. Before we dive in, I want to thank returning subscribers for watching another video, as well as invite anyone who hasn't subscribed yet to click that subscribe button and ring the bell when you do, so you can be notified of when new content comes available. If you enjoy the video, make sure you click like, and feel free to share with others that might find it useful, and don't hesitate to leave a comment as well.

As a reminder, these videos are opportunities for me to do some self-assessment of my ability to go through the objectives for RHCE. The idea behind this is: at the end of the video, if I feel pretty confident about what I've been able to either explain or demonstrate in some examples, then I think I'm probably well prepared for that particular topic for the exam. If at the end of the video I don't feel like that, then there's obviously some things I need to go back and brush up on before I take my exam, which will be in about a month or so. That being said, these aren't necessarily intended to be authoritative information, nor are they intended to actually be tutorials for the exam objectives, but I do try to keep the information accurate, and perhaps with your own studies you might see how I struggle with a particular topic and such, and that might give you some ideas of how to do some of your own study for the exam.

The objective for this video is the last of the RHCSA review objectives, which is under the "be able to perform all tasks expected of a Red Hat Certified System Administrator", and that objective is the manage security objective. So if I were to go back to the RHCSA objectives and look at the manage security group, there are several objectives here, mostly working with your firewall, some access control lists, and SELinux. So without further ado, let's dive into them. The first objective
we're going to look at is configure firewall settings using firewall-cmd and firewalld. So I'm here in my RHEL 8 workstation, or rather on my RHEL 8 workstation. Let's ssh into one of my lab servers. Password on the first try; that means it's going to be a good video. If any of you have watched my RHCSA practice session series, you know that's kind of a running thing of how many times am I going to fat-finger my own password.

So, configuring firewall settings using firewall-cmd and firewalld. What firewalld is, is basically a service that runs on top of nftables, which is the actual... or actually, I think netfilter is the actual firewall, if I'm getting my terminology right, but nftables is the interface between us and what the kernel does for managing network traffic and such. And what firewalld is, is a layer of abstraction above that, that, you know, supposedly has a little more friendly syntax and such. Someday I will find the time to dig into nftables and learn its syntax, just in the fact if I'm on a system that doesn't have firewalld and I can't get firewalld, I'll be able to at least function and configure firewall settings and such. But most of your Linux systems are going to come with firewalld installed.

There's no way to know what you're going to have available for you on the exam, so one of the reasons why I use the minimal installations in my practice labs and such is to be able to have the fewest packages possible. So if I do need to have what I consider kind of a basic tool, then I know the name of the package to download. And again, any package that is available in the RHEL repositories, you're able to install in your environment for your Red Hat exams. So I'm fairly certain firewalld is already installed, but we can check to make sure, and I'm actually going to kind of cheat and I'm going to check using systemctl. And there we go. If the firewalld service was, you know, not available, then that will tell me that I need to download and install firewalld, but clearly
I don't. If you did, you know, yum install firewalld or dnf install firewalld, that's all that you need to do for that. So the command to configure this firewall is going to be our firewall-cmd command, and firewall-cmd has some pretty good man pages. It also has some decent --help options as well. firewalld is one of these things that sometimes I find it difficult to try to memorize, you know, the common options and such. You do the best you can with it, but you always have your documentation and such available for you on the exam.

What I am going to do, though, is actually install Apache on this server real quick. So sudo dnf install httpd -y. This shouldn't take too long to download. All right, so we've downloaded Apache, and let's go ahead and start the service (use sudo for that), and the service should be running. Status httpd: okay, awesome.

So now on my workstation here I'm going to open a browser, which hopefully won't take too terribly long. I think this might have been the first time I've run the browser on this workstation, but we will see. I tend to not give my practice VMs a whole lot of, you know, RAM and such. So let's try to do http lab rel and svr01. All right, not able to connect. Well, we can obviously connect to the server, because we're connected via ssh, but the issue is the firewall by default is not allowing traffic on port 80.
And a way you can see what is being allowed by default: I'm actually going to sudo into root; that's going to save me from having to type sudo a ton of times for this particular video. But we can do firewall-cmd, I believe it is --list-services. It's either that or it's --list-service. Yep, --list-services. And we can do --list-ports. All right, so the only services that firewalld is allowing in are cockpit, dhcpv6, and ssh.

So one thing you can also do, I think... let's... zone? Nope. Or is it --get-default-zone, maybe? Yeah, there we go. So the default zone for firewalld is public. Now there are several zones that you have available. I think... actually, we should be able to get that. Yeah, there we go. So these are the available zones that you have: block, dmz, drop, home, public, trusted. And each of those have some different configurations and such with them, and you can also configure rules and such per zone, to where, you know, let's say that you move to a public network and you don't want to expose a lot of the stuff that you have on your laptop: you can move to the public zone, and that's only going to have these services available, versus you might have other services that are configured for your home zone. But all of the configuration we'll do in this video is just going to go to your default zone. When you're doing configurations with firewall-cmd, you can specify the zone to use for that, which I think I just said a moment ago. Sorry, I'm tired.

Anyway, so what we want to do is allow HTTP traffic to be able to flow. So there's two ways of doing that: I can either allow it on port 80, or I can allow the service http. Either is going to be a valid configuration. So we'll do firewall-cmd, we're going to do --add-service, and we'll do http for that, and we're also going to do --permanent. And what this does is add it to basically the... oh, what's it called, when on your switches you have startup config and running config? Yeah, basically adds it to, like, the
startup config for firewall-cmd, so that way this is going to persist. And remember, everything with a Red Hat exam has to persist. And so if I were to reboot the machine, http is going to be allowed. However, at this moment it is not allowed still. So to be able to make this work, we can reload the firewall: --reload. It's going to reread the rules, of which we added a permanent rule for http, and lo and behold... well, in theory. Oh, I'm doing https; of course that wouldn't work. http, and there's the Apache test page for what we need.

Now, another way that you could do this was simply add a rule without --permanent, because that'll affect, you know, effectively the running config of the firewall. I tend to just do --permanent and then reload the firewall, because I don't want to take the chance of just adding the rule, forgetting to do --permanent, and then you're kind of screwed on the exam, because, you know, it's not a persistent connection... I mean, it's not a persistent configuration, and so therefore you're, you know, not going to earn the points for your objective, if your objective is, you know, configure the firewall.

So, a couple of other things you can do with firewall-cmd. Let's go into the man pages real quick. Some of this I remember; some of that I would have to reference on the exam. But there is, what is it, it's called panic, I believe. Let's search for panic. There we go: --panic-on, --panic-off. So what panic does is basically set the firewall to where everything is dropped, and so, you know, if you're under some type of attack, you need to kill all the network connections, panic mode is for you. One thing to note with this: it's a runtime-only change, which means you cannot add a permanent rule for panic mode, which generally is good. But that was one thing I wanted to point out for firewall-cmd. There are other configurations you can do with that. There's one, I think it's... oh, what's it called? Rich rule,
if I remember correctly. Let me reopen the man page here. Search for rich. Yeah, rich rule. So the rich rules, you can really get some fine-grained stuff going on there, whereas you are... trying to think of a good example of a rich rule off the top of my head. Let me see if there's anything here in the man pages that gives you an example of a rich rule. Ah, here we go: firewalld.richlanguage. Let's take a look at that real quick. There we go. Yep. So whereas you can do things such as, you know, add ports, remove ports and such, the rich rules allow you to have significantly more control over that. And so it would not be a bad idea, and I'll do this myself for the RHCE exam as I get closer, maybe a week or so out, to configure a couple little rich rules just to make sure that I have kind of the basic syntax under my fingers. I'm not going to do that in this video, because I know for a fact I don't recall all of the particular syntax for the rich rules, but it is something that is available in firewall-cmd, and it would behoove you to know where to find it in the documentation should you need to use that on the exam and you have forgotten about it.

So the next objective is create and use file access control lists. So let's quit out of this here, and let us see the best way to handle this. All right, we're going to create a couple of users. So useradd, and who should we make for users this time? I've done some Naruto stuff; I think I did a Final Fantasy one before. Let's do another game that I greatly enjoy. We're gonna make Ice Man. useradd, Quick Man. We're also going to make two groups, so we're going to do... oh wait, useradd, Mega Man; useradd, Dr. Light. All right, and let's make two groups. We're going to call it villains. groupadd, not just group. Spell that right? Yeah... villians, villains, uh, it's going to be billions, yeah, LL. All right, I'm not going to stress over that. And heroes. So if I've misspelled villains, my apologies. I'm pretty sure it's like villians, but
anyway, end of the squirrel moment, back to the RHCE moment. And let's add these groups to a couple of these... or, these users to a couple of the groups. So usermod -aG villains, Ice Man. We'll do the same for Quick Man. And we'll do heroes, Mega Man, and heroes, Dr. Light. All right, so we have some groups and some users here.

Let's go into... actually, we're going to make a test directory. Or should we do a test directory or go into the temp directory? We'll use a test directory. All right, mkdir test. And typically permissions, you're using the octal notation, or just user, group, other and then read, write, execute. What access control lists give you is a little bit more fine-grained access to that. For example, let's go to root. We see test is owned by root, root. And what I want to do is, let's see: read, write, execute; read, execute. So let's say that I don't want to change the ownership of the test folder, I don't want to change it from root, root, but I want to allow the heroes the ability to write in this folder, or in this directory.

So what we can do is the setfacl command, and let's see how well I remember this off the top of my head. So we're going to do setfacl, we are going to modify, we're going to do the group, if I recall correctly, and the group name is going to be... I'm doing this right? So setfacl, modify, so remember we have... all right, let's try this. So group, heroes, the permission that we want, which is going to be read, write, execute, and then the directory, so that's going to be test. And if I get it right, it'll... yep, invalid option. Invalid argument. I think I need to do -g. Nope. All right, so when in doubt, hit the man pages, because it's going to tell you in a moment. All right, so yep, -m is what we want, that's modify. -x, I remember, is remove. So setfacl -m. Remember the -b and the -k for that as well. What's my syntax? Yeah, g, group, then the perms. Not quite sure what I was doing wrong there. I'm looking at the ACL entries here. I have... ah, I see. Or do I see? All right, let's
take a look at what I have here. So let's cat /etc/groups, or /etc/group. h-e-r-o-e-s. Oh, did I misspell it? I must have. Yep, that's what I did wrong. Did a couple of things wrong: I misspelled my group name, as well as did that dash and I didn't need it. There we go.

All right, so now ls -l test, or ls -l at root. And so we see with test here we have this read, write, execute, but we have a plus, and that plus tells us that there's an access control list that's affecting our directory here. So if we getfacl, or get file access control list, test, it tells us what we have here. So the mask refers, if I recall correctly, to the maximum possible permissions for this particular entity, in this case the directory. We see that group and owner are still root and root. The user has read, write, execute; group has read, execute; but the heroes group has read, write, execute.

So let's put this to the test here. su into Quick Man. All right, I should be able to go into the test directory, and we're going to echo foo to test file. Permission denied. Hmm. Oh, I did the heroes. Okay, yeah, this makes sense. I got a bit confused. I probably shouldn't wait so late to do some of my videos; my brain's a bit tired. But case in point, so impromptu study tip for the exam: don't do the exam when you're tired, because you'll make little brain mistakes like I just did. So that is what we expected. Let's exit out of being Quick Man, and let's change to Mega Man, and a little cd to test. That makes sense. Let's try echoing foo to test file. All right, that looks good. Let's look at the permissions for it. It's owned by Mega Man, yep.

Now, what we did was just do a single permission on this. You can set default permissions for directories, and what that's going to do, if I recall correctly, is allow inheritance of access control lists to the files that are made in there. So let's put that to the test. Let's exit here, and let's do this: we're going to setfacl, I think -b removes everything, and then we'll do
test. All right, ls -l, and test no longer has any access control list. You see that the plus is gone from that. So now we're going to setfacl -d for default, modify, group, heroes, doing read, write, execute, and test. All right, so let's see what happens with switching user over to Mega Man. We'll go into test, and so ls -l, so that's our first test file. Echo foo 2 to test file 2, and let's see what happens. Permission denied. I'm surprised about that. Why would that be permission denied? Because the... all right, so here's some troubleshooting for you. Let's see if we can figure it out. Let me exit out of being Mega Man and let's go back to root. getfacl test. All right, default group. You know, I think I need to make an entry just for group as well.

Now let's see what happens here. So let's just go in as root, test, echo foo 2 to test file 2, because root can do whatever it wants, right? Okay, and so now we see that... yep, all right, that I think makes sense. getfacl test file 2. There we go. Yep. So my idea about the inheritance thing is true, but I think I need to make a separate access control list just to be able to write to the test file 2. I think that's how that's supposed to work. If I'm wrong, feel free to put that in the comments, and I encourage that on any of these practice session videos. I try to make the information as accurate as possible, but this is kind of what I'm doing off the top of my head to see if I remember stuff properly for the exam, and I encourage you to correct me when I'm wrong. It helps both me and anyone that might be watching these videos; you know, we want them to get the correct information as well.

So let's su into Mega Man, and what I want to try to do is, since I have read, write, execute on test file 2, I'm going to see if I can actually edit that file. So test, test file 2, and let's just add some text. All right, cat test, test file 2. Okay, yep, that is what happened there. So let's go back to root and let us setfacl. We're gonna
modify. We're gonna explicitly add the group. Now, you can do this for individual users as well; I just happen to be doing group, you know, just because, but you could do this for individual users. So group, heroes, read, write, execute, test. All right, so let's su back into Mega Man, go into test, echo foo 3 to test file 3, and that should work, which makes sense. And test file 3 should have the default access control list as well.

One thing that can be useful with access control lists, it's kind of related to the objective we have to set GID: access control lists can give you some more flexibility in what to do for your permissions, if there's something where you really don't want to change the user or group owner of it but you want to give people access. However, the other side of the coin is that can make permissions troubleshooting a bit more challenging, because you have another layer worth of permissions to work with in addition to the good old read, write, execute permissions.

Now let's take a look... let me exit here. Let's take a look at the man page one more time, because I'm trying to remember: I think -b removes all access control list entries and then -k does just the default, but let's take a look just to make 100% sure here. setfacl. Yeah, -b is remove all, -k is remove default, and you can use -R for recursive as well, just like when you're doing change mode and change owner. Now let's see, let me look through here, see if there's anything else that's a significant thing. You can pipe stuff and set the access control list over the pipe for files. I don't remember how to do that off the top of my head. That might be something that I need to look up, just to have under my fingers, so to speak. See if it mentions it here. Oh yeah, here it is. So it gives you the syntax of copying the access control list from one file to another, and you do that with the pipe.
It gives you some examples in your man pages should you need to do that on your exam.

Next is key-based authentication for ssh. I'm actually not going to go over this, because I hit it in the very first video for RHCE, and just for the sake of time I'm not going to come back to it. I will have a little pop-up that'll happen here that will be a link to that video, and you can check it out, and I will also mention it in the description of the video as well, so you can go right to it where I talk about the key-based authentication.

All right, moving on from there we get into our good friend SELinux, which sometimes strikes fear in the hearts of administrators, and it really shouldn't. Trying to think of the best way to describe it. SELinux is basically another layer of security, and the idea behind it is, rather than, like, I think it's called discretionary access control, which is our octal notation permissions and such, mandatory access control is the model that SELinux follows, and again, if I'm wrong feel free to put that in the comments: that unless you tell SELinux "yes, this thing can do this action to this item", which is effectively what everything in SELinux is, then the thing can't do the action to the item.

So, take a look at SELinux. Let us... actually, we'll use the files that we have here. You can use ls -lZ, capital Z, to see SELinux, and if I remember correctly we have the... all right, so an SELinux context, which is what we have here. There should be a user level; I can't recall off the top of my head what the middle field is; and then the context, and this is a type context for whatever file. You can also set SELinux type context for ports and such as well.

So first of all, the first thing that's on this here is setting and enforcing permissive... set enforcing and permissive modes for SELinux. So there's a tool called getenforce which will show you the mode of SELinux. Right now we are enforcing, which means SELinux
is going to prevent things from doing what they don't have permission to do, and log about it. You can set SELinux to permissive, and what that's going to do is allow the action but still log it. Permissive is a great troubleshooting tool. Now, you will probably find stuff on the internet like "hey, to make this work just turn off SELinux, set it to disabled". Don't do that. That is generally a bad idea. You may have application vendors that say "our application works only if you turn off SELinux", of which my response to that would be: you need to make your application enterprise-worthy, so that way it will function with the appropriate SELinux configuration.

So, just in the interest of being complete, if we were to go into /etc, and where is that in /etc? This is something that, like, don't turn off ever, and so I forget where it is. Yeah, ah, there it is: selinux, or just config. Let's less config. There we go. So in /etc/selinux/config you can set this to disabled, which just absolutely, you know, does not load any particular SELinux policy. Again, you don't want to do that. If for troubleshooting, set it to permissive and then use some tools to figure out what SELinux is complaining about, and then make that configuration change, or find another application, which might be the kind of draconian way of saying, you know, don't use the app for that, but oh well.

All right, so to set that permissive mode we just do setenforce permissive, and also do setenforce, I think, zero as well. getenforce shows that we're in permissive, and then setenforce one, and that should put us back into enforcing mode.

All right, the next little topic is list and identify SELinux file and process context. So we saw the file context with ls -lZ. All right, and another thing, the process context: this is going to get into using ps, and I believe what you want is Z, capital Z, for that as well. So let's try ps auxZ. Yeah, that looks like that. So that's giving us SELinux context as well. You can see system, system_u, kernel
type, right? So again, you have user privileges with that, and some of these users aren't like users as you would think of in passwd; it's instances, entities just for SELinux. I'm drawing a total blank on the middle field for that, and then you have the type for your third field, which is, for the SELinux stuff I've had to touch... which of course, you know, I'm sure there's people out there that eat, breathe, drink SELinux that have to touch all three, but for everything that I've had to do, either in my lab or things I've prepared for the RHCSA level of test, and I think RHCE is probably going to follow the same idea, you're primarily going to be working with that third field.

One other thing; this, I guess, would fall under the list and identify file and process context. There is an application called semanage, and semanage is really the primary tool that we're going to use for configuring stuff with SELinux and to get some information about it. semanage is not installed by default on the minimal installation, and again, in your actual testing environment you may or may not already have it, but if you don't have it, the package that you need to install is: yum install policycoreutils-python-utils -y. Now, if you can't recall that, and I've had to... oh, I misspelled it, policycoreutils, and also I did the incorrect command as well. yum install. If you can't recall the name of that package, and I recall I just had to type this so many times doing stuff in my lab, you can do yum or dnf whatprovides semanage, and that will give you the name of the package that you need to install for that.

So now that we have semanage, if you're ever curious about all of the different contexts that you have available to you, we'll do semanage fcontext, for file context, -l, and that is everything that has been configured. Now, this actually is a great resource, and I'll show you why a little bit later in the video when I do an example, but that shows you some syntax. This basically
is saying anything in /var/spool/texmf and anything after that. This particular syntax can be sometimes difficult to remember. I'm actually going to widen my window just a bit here. And the semanage fcontext -l helps tremendously with that, and also it gives you the name of some of the context types. For example, let's say, and we are going to do this, but we need to do something with httpd. So we'll grep this to see /var/www/html, and this is showing you some of the SELinux contexts that you would use for Apache. So great, great resource to use.

Now, you can also see we did fcontext. I'm pretty sure we can do some things other than fcontext. You have file context, what fcontext stands for. Ah yes, so ports, and you can look at booleans as well. So semanage port -l, and this gives you different port information, and where this will come into play is, let's say that you have an objective that says, all right, we want to do ssh on something other than port 22. Well, let's grep for ssh. All right, so there's an SELinux context that basically says we're going to allow ssh to happen on TCP 22. So even if you were to configure sshd and configure the port to be something other than 22, and you open up whatever port this is on your firewall, SELinux is still not going to allow ssh connections to something that's not port 22.
So what you would have to do is modify that to allow it to happen, and if we don't go too long I might try that in a quick example, but I know we're already starting to get a bit long for that. You also have booleans, and these are, you know, as you imagine, on, off. This is in addition to file context and stuff. There are several for httpd. One is homedirs. When I was doing my RHCSA training there were a lot of examples of using the homedirs for this, and that is one of these: you can set up Apache to be able to serve files and such out of a user's home directory. I can't remember off the top of my head exactly how to do that, but in order for that to work you would have to have some file context configured and you would have to enable the SELinux boolean for homedirs. And this "off, off", that refers to the current state of it and then default, so it's kind of like firewalld, as far as you can have kind of like the running configuration of your SELinux booleans and then the default, or the persistent configuration, for that. All right, so let's see, there's a separate one for use boolean, so we'll take a look at that in a moment.

The next topic is talking about restore default file context. So what this means is, let's say that you make a change to SELinux context for a particular file, and in this case let's do... we're going to make a file called html under the /opt directory. ls -lZ: we see the SELinux context for this directory of html. Let's say that we wanted to, you know, configure Apache to use this directory rather than, like, /var/www/html, right? So we do that, we do the permissions and do the configuration on Apache: that's not going to work, because of SELinux. So if we were to set this, let's see how well I remember. So we are going to do semanage fcontext, add, and type is going to be, if I remember right, http, is http sys read write content t. You know, rather than guess, let's check. So semanage fcontext -l, grep for /var/www/html. You know, I think I was pretty close. Oh, httpd. Yeah, there we go.

All right, so I'm going to copy that and let's try this again. So semanage fcontext, because we're changing the file context, a for add, t for the type, which is going to be this, and then we want to do html and then everything that would be after html. And I've done this syntax enough times that I've memorized it, but as you can see, the output from grep would be most helpful for you. Oh wait. Oh, I gotcha, I forgot about this: this needs to be in quotation marks, otherwise when you do that syntax for everything after this directory it'll complain, as it just did. Now, in my experience, it takes a moment or so when you make a change to SELinux, either file context or booleans or ports and such, so don't be surprised if this takes a moment. Don't think, you know, "hey, you've broken your system". Just be patient a bit and then it will finish.

All right, so if we do ls -lZ, we see that the SELinux context has not changed. So what we have to do is basically tell SELinux: you need to re-read what contexts are configured. Because basically what we're doing is adding to the SELinux policy, right? We need to re-read your policy and apply the contexts as they're supposed to be. And the command we use for that is restorecon, and I like doing -v for this, just because it'll tell you what's going on. -R, capital R, is for recurse, so let's say that I had, you know, made this directory and then made a bunch of files and such: if I wanted to just reset the SELinux context in one fell swoop, this is how I would do it. So /opt/html, and it says it relabeled from that to the appropriate context, and we can verify that with ls -lZ. So the thing to think about for the exam: if you have to do something with SELinux and it's a, you know, "set this context to a particular setting", you want to do that restorecon to check. Now, there's one other command for doing that, I think it's called chcon. Don't use it, simply
because it doesn't persist, and in my experience, well, the experience I've had with SELinux, when you make changes you're going to be adding it to the actual policy, and again, for your exams everything is going to have to persist, so you may as well just do semanage for that. But if you're curious, you can check out the man pages for chcon.

All right, next is use boolean settings to modify system SELinux settings. So again, I'm not going to go through the process of setting up the little homedirs in httpd. I can't run it off the top of my head, and that'll make the video be ridiculously long. But actually, you can do getsebool as well as using semanage for that, and I'm going to grep for httpd. Oh, getsebool, a for all of them. And let's say that the one that we needed to change was httpd_enable_homedirs. So this is fairly easy: setsebool, I should be able to give it the name (I don't think I copied it; see if I'm remembering correctly), the name, and then true, false, one, zero. That should be everything that it accepts. We're gonna set it to one, of course. Yay, there we go, and we're done. But are we? Let's do that semanage boolean -l, and we're going to grep for httpd enable homedirs. Homedirs... yep, it's not going to find that. Homedirs. Notice how we have that on, off, and if you recall from looking at semanage, the first column is current running state and then the second column is default. So even though we have changed this boolean, when we reboot the system it's not going to be there. So what we'll have to do is setsebool -p for permanent, homedirs, one. Oh, capital P. All right, and let's check semanage again, and they should be both on and on.

Now, one thing I'm curious about, let's do this: let's do permanent off. I'm curious to see if that affects the running state as well. I can't remember off the top of my head. Yeah, it looks like it does. So now let's do permanent on, and let's see if that affects the... yeah. All right, so permanent is going to affect running
state as well as default. So quite frankly you probably just want to use dash permanent all the time on your exam. I'm not sure in real life if you'd want to do that, perhaps troubleshooting you wouldn't, but again it's kind of like chcon: I think you will be using dash P for sebools just like you would use semanage fcontext for your files and ports versus chcon for that.

All right, and the last objective from the old RHCSA exam under manage security is diagnose and address routine SELinux policy violations. So using SELinux permissive is a great tool for that, as far as that helps you determine is SELinux causing the problem with whatever it is that you need, but it doesn't tell you specifically what's being violated with that. So that stuff is stored, let's see, var directory, log, and I believe it is in the audit.log. So let's tail this audit.log. All right, that's a ton of stuff, and you can see some stuff here, looks like some complaints and such. So there is an easier way to work with this, and that is with the sealert command. sealert comes from, I believe the name of the package is setroubleshooting or setroubleshoot-server is the package that it comes from. So let's see if I'm correct with that. So we'll do yum whatprovides sealert. I'm pretty sure it's going to be setroubleshoot-server is the package that we need for that. Yep, setroubleshoot-server. So I know for a fact that's not installed on this system, so yum setroubleshoot-server and we'll say yes. All right, so let's make another direct... actually, we'll use our test directory for this. So, um, let's go into test and we'll do, um, make... oh no, we'll just use the test files; that'll work fine for this. Actually, rename test file to testfile.txt. Okay, so what I'm going to do real quick is, let's see what the permissions are for this, ls -l. So test, right, oh yeah, we have the access control list for that. All
right, so they'll be able to get into that, and then, okay, so they can read that stuff. Awesome. All right, so what we're going to do, since we installed Apache, let's go into etc httpd conf. I thought we installed Apache, did we not? Fairly sure we did. Maybe I'm just getting my directories wrong. httpd.conf, all right. So we're going to go in here, we're going to make a couple of changes real quick, and we are going to change the DocumentRoot to just test, and we will change this also to just test. We don't necessarily need to change this, but just for good measure, why not. All right, so this should serve up that web page. So if I were to do test file, oh wait, I need to reload Apache. Okay, testfile.txt. All right, so forbidden: we don't have permission to get to this resource. Now one of the reasons for that is probably going to be SELinux, so as a troubleshooting measure we'll do setenforce zero for permissive. Let's see if it works this time. Yep, there's our foo kind of rolling like mice type on your video. And if I were to go back and setenforce back to one, or to enforcing: forbidden. So clearly SELinux is the problem. The question is how do we know what thing to fix. So let's go back to that var log audit directory. We have our audit.log and what we're going to use is sealert. Now I need to look at the man page real quick, I can't remember the, is it, I thought it was dash i for analog. No, dash a for analyze, that's it. All right, so what we're going to do is sealert dash a and we're going to feed it audit.log: sealert dash a audit.log. Now this will take a couple of moments or so, so again, if you do this on your exam and it feels like it's sitting at 99 forever, it's okay, take a breath, get a sip of water, and you'll have information soon. All right, so it found some stuff here and let's see what we have. All right, test, test file. All right, now notice this plug-in catch-all, 7.6 confidence. What this sealert does is it tries to give you, it gives you some suggestions on potentially how
to fix stuff. And so there's one thing to do here and it's only seven point six four percent confident about that. All right, so here it's, you know, fifty percent more confident about that one there, but what we want: eighty-three percent confidence, and basically what it says is SELinux is preventing httpd from reading this file. If you want to allow http to access this file you need to change the label, and I believe it's, okay, so does it just give you all the labels to try? Where file type is one of the following, yep. So it basically says we need to change the label on that. It's not telling us the explicit file type for that. It is giving you the command, which is kind of nice, but you could do that semanage fcontext dash l and search for httpd, and you can read those and kind of figure out, oh, we need something that at the very least has something that looks like it reads, and that rw typically is going to be a read write. And so if we were to do that, which we did before, I'm not going to do it again just because we're getting a little bit long on the video, that will solve the problem. And I just said I'm not going to do this, but the system administrator me does not like leaving stuff broken, so let's do it real quick and it'll be a chance for me to practice. So what I'm going to do is actually do that for the whole directory. So semanage fcontext dash a dash t httpd_sys_rw_content_t test. That'll take a moment. All right, restorecon R v for test. All right, relabeled some stuff, and let's try it. There's our foo. So that in fact was the proper answer, was fixing SELinux.

So I know this video and the previous few have been pretty long, and I would imagine the videos that are going to be about the core components of Ansible aren't going to be quite as long, or if they're long they'll be a bit more in depth, because there's just a lot of stuff to review for the RHCE exam that basically if
it's on RHCSA it's probably going to be fair game for RHCE, or at least from what I have gathered. So I want to thank you for taking the time to stick with me. Hopefully you have found it useful. If you did, make sure that you click like and share it with others that might find it useful as well. You can also leave comments, ask questions, leave critique, leave praise; I accept it all and I respond as I have both time and ability. I do want to thank returning subscribers for watching another video, and as always, if you are watching and have not subscribed yet, make sure you click that subscribe button and ring the bell when you do so you can be notified of when new content comes available. As always, thank you for taking the time to watch, and I'll see you the next time.
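
Added example, not part of the video or its transcript: the transcript notes that in the semanage boolean listing the first column is the running state and the second is the default, so a boolean changed without the permanent flag shows a mismatch. The sketch below flags those mismatches from that listing; the function names are hypothetical and the sample listing is constructed, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample of `semanage boolean -l` output (assumption: illustrative only).
sample_booleans() {
cat <<'EOF'
SELinux boolean                State  Default Description

httpd_can_network_connect      (off  ,  off)  Allow httpd to can network connect
httpd_enable_homedirs          (on   ,  off)  Allow httpd to enable homedirs
httpd_enable_cgi               (on   ,   on)  Allow httpd to enable cgi
ftpd_full_access               (off  ,   on)  Allow ftpd to full access
EOF
}

# Read `semanage boolean -l` output on stdin and print "name running default"
# for every boolean whose running state differs from its persistent default.
# The header and blank lines carry no "(state , state)" pair and are skipped.
boolean_drift() {
  awk '
    match($0, /[(](on|off) *, *(on|off)[)]/) {
      pair = substr($0, RSTART + 1, RLENGTH - 2)   # text between the parentheses
      gsub(/ /, "", pair)                          # "on   ,  off" -> "on,off"
      split(pair, st, ",")
      if (st[1] != st[2]) print $1, st[1], st[2]
    }'
}

# For review only: print (do not run) the setsebool -P command that would make
# each drifting boolean's running value the persistent one.
persist_commands() {
  boolean_drift | while read -r name running _; do
    printf 'setsebool -P %s %s\n' "$name" "$running"
  done
}

# Demo on the constructed sample.
sample_booleans | boolean_drift
```

On a live system the same check would be run as root with semanage boolean -l piped into boolean_drift; whether a flagged boolean should be made permanent or reverted is a decision for whoever reviews the list.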