{"id":105299,"date":"2024-01-19T10:53:40","date_gmt":"2024-01-19T15:53:40","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=105299"},"modified":"2024-02-06T11:22:08","modified_gmt":"2024-02-06T16:22:08","slug":"how-to-explore-selinux-on-centos-rhel","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel","title":{"rendered":"How To Explore SELinux on CentOS or RHEL"},"content":{"rendered":"\n<p><a class=\"wp-block-cgb-button button\" href=\"#step1\">Jump to Tutorial<\/a><\/p>\n\n\n\n<p>SELinux, which stands for Security-Enhanced Linux, is a Linux kernel security module that\u2019s implemented in CentOS and Red Hat Enterprise Linux (RHEL) distributions. It adds an additional layer of security by enforcing access control policies for apps, files, and processes. It\u2019s an essential tool for system administrators to reduce the attack surface area. This tutorial will walk you through the basics of SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.<\/p>\n\n\n\n<p>SELinux uses a mandatory access control (MAC) mechanism that supplements the traditional discretionary access control (DAC) provided by file permissions and user\/group ownership. DAC is based on the concept of allowing or denying access to files and resources based on user privileges. In contrast, SELinux takes a more granular approach, assigning labels to files, processes, and users, and then defining policies to govern their interactions.<\/p>\n\n\n\n<p>SELinux operates in three main modes:<\/p>\n\n\n\n<ul>\n<li><strong>Enforcing<\/strong>: In this mode, SELinux actively enforces its policies, denying any actions that violate those policies. This is the recommended mode for a secure system.<\/li>\n\n\n\n<li><\/li>\n\n\n\n<li><strong>Permissive<\/strong>: In permissive mode, SELinux monitors and logs policy violations but does not actively deny them. This mode is useful for troubleshooting and understanding what would happen in enforcing mode without disrupting system operations.<\/li>\n\n\n\n<li><\/li>\n\n\n\n<li><strong>Disabled<\/strong>: SELinux is completely disabled, and it doesn&#8217;t enforce any policies. This mode should be used with caution, as it reduces security.<\/li>\n<\/ul>\n\n\n\n<p>Before we dive into exploring SELinux, ensure you have:<\/p>\n\n\n\n<ul>\n<li>A CentOS or RHEL system (this tutorial assumes CentOS 7 or later)<\/li>\n\n\n\n<li>Root or sudo access to the system<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Refer to configuration\/hardening guides to set up and manage SELinux to ensure the appropriate protection for your systems.<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/8\/html\/using_selinux\/index\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Red Hat<\/a><\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step1\">Step 1: Log in to Your CentOS\/RHEL Server<\/h2>\n\n\n\n<p>First, we need to log in to our server, so make sure that you are using a terminal or some SSH client installed on your local machine. If you&#8217;re using Linux or macOS, then you will most likely use the terminal application or command line for this purpose. If you are using the Windows operating system, some standard options include PuTTY SSH client or Windows PowerShell terminal.<\/p>\n\n\n\n<p>Open the terminal or SSH client on your local machine and enter the username and IP address or hostname for your system.<\/p>\n\n\n\n<p>In the terminal or SSH client, use the SSH command to connect to your server:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>ssh username@server_ip_address<\/p>\n<\/div><\/div>\n\n\n\n<p>If this is your first time connecting to the server, you will see a security warning about the authenticity of the host. You can verify that the displayed fingerprint matches the expected fingerprint by typing <strong>yes<\/strong> in the prompt and pressing <strong>Enter<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"56\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/1-3.png\" alt=\"screenshot of code\" class=\"wp-image-105319\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/1-3.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/1-3-300x33.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step2\">Step 2: Check Current SELinux Status<\/h2>\n\n\n\n<p>We can check the current status of SELinux on our system by running the following command:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sestatus<\/p>\n<\/div><\/div>\n\n\n\n<p>You can see the similar output in your system:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"481\" height=\"194\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/2-3.png\" alt=\"screenshot of code\" class=\"wp-image-105320\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/2-3.png 481w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/2-3-300x121.png 300w\" sizes=\"(max-width: 481px) 100vw, 481px\" \/><\/figure>\n\n\n\n<p><strong>SELinux status<\/strong>: This means SELinux is active and enforcing security policies.<\/p>\n\n\n\n<p><strong>SELinuxfs mount<\/strong>: SELinux uses a virtual file system located at \/sys\/fs\/selinux to interact with the kernel.<\/p>\n\n\n\n<p><strong>SELinux root directory:<\/strong> This line points to the root directory for SELinux configuration files and policies.&nbsp;<\/p>\n\n\n\n<p><strong>Loaded policy name<\/strong>: This line displays the name of the SELinux policy that is currently loaded and enforced on your system. The &#8220;targeted&#8221; policy is designed to provide targeted protection for specific services and applications.<\/p>\n\n\n\n<p><strong>Current mode<\/strong>: This line shows the current enforcement mode of SELinux. Here, it says &#8220;enforcing,&#8221; which means SELinux is actively enforcing security policies and denying any actions that violate those policies.<\/p>\n\n\n\n<p><strong>Mode from config file<\/strong>: This line indicates the SELinux mode specified in the configuration file and it should match the current mode. In our case, both are set to &#8220;enforcing.&#8221;<\/p>\n\n\n\n<p><strong>Policy MLS status:<\/strong> MLS stands for Multi-Level Security, and this line indicates whether MLS is enabled or disabled in your SELinux policy.&nbsp;<\/p>\n\n\n\n<p><strong>Policy deny_unknown status<\/strong>: This line specifies whether SELinux should deny actions for which no policy rule exists. By default, it will give the output of &#8220;allowed,&#8221; which means SELinux is configured to allow actions for which there is no specific policy rule. This can be useful for applications that don&#8217;t have defined policies.<\/p>\n\n\n\n<p><strong>Max kernel policy version<\/strong>: This line indicates the maximum kernel policy version supported by SELinux. The policy version can change over time as SELinux evolves. In our example, the maximum policy version is &#8220;31.&#8221;<\/p>\n\n\n\n<p>Next, we will check if we have SELinux utilities installed on our system. We can do so by running the <strong>rpm<\/strong> package command:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>rpm -q policycoreutils<\/p>\n<\/div><\/div>\n\n\n\n<p>If the package is installed you should get a similar output:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"45\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/3-3.png\" alt=\"screenshot of code\" class=\"wp-image-105321\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/3-3.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/3-3-300x26.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>If you get information that the package is not installed you can install it on your system by running the following command:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo yum install policycoreutils<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step3\">Step 3: Work with SELinux Contexts and Policies<\/h2>\n\n\n\n<p>SELinux assigns labels, known as contexts, to files, processes, and users. These contexts determine what actions are allowed. The primary components of a context are:<\/p>\n\n\n\n<ul>\n<li><strong>User<\/strong>: Represents the SELinux user associated with a process.<\/li>\n\n\n\n<li><strong>Role<\/strong>: Defines the role or function of a process.<\/li>\n\n\n\n<li><strong>Type<\/strong>: Describes the type or category of a process or object.<\/li>\n\n\n\n<li><strong>Level<\/strong>: Specifies the sensitivity level of a process or object.<\/li>\n<\/ul>\n\n\n\n<p>We will create an example of how to serve files via the Apache web server including any related SELinux configuration.<\/p>\n\n\n\n<p>First, we can install the Apache web server by running the following command:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo yum install httpd<\/p>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"185\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/4-3.png\" alt=\"screenshot of code\" class=\"wp-image-105322\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/4-3.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/4-3-300x108.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>Type <strong>yes <\/strong>and press <strong>Enter<\/strong> which will install Apache.<\/p>\n\n\n\n<p>Next, we need to start and enable the Apache HTTP server to ensure it starts on boot:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo systemctl start httpd<br>sudo systemctl enable httpd<\/p>\n<\/div><\/div>\n\n\n\n<p>Create two directories under the following server path for our test:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo mkdir -p \/vhost\/myapp<\/p>\n<\/div><\/div>\n\n\n\n<p>This is a non-default path that we will use in our SELinux example.<\/p>\n\n\n\n<p>Next, create an index.html in that server path:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo vi \/vhost\/myapp\/index.html<\/p>\n<\/div><\/div>\n\n\n\n<p>Press <strong>i <\/strong>to enter the edit mode of Vi editor, and here you can paste the following content:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>&lt;!DOCTYPE html><br>&lt;html><br>&lt;head><br>\u00a0 \u00a0 &lt;title>Simple Web App&lt;\/title><br>&lt;\/head><br>&lt;body><br>\u00a0 \u00a0 &lt;h1>Hello, World!&lt;\/h1><br>&lt;\/body><br>&lt;\/html><\/p>\n<\/div><\/div>\n\n\n\n<p>After you finish with editing, press <strong>Esc <\/strong>and <strong>:wq<\/strong> to save and exit the file.<\/p>\n\n\n\n<p>If we run the following command, we can see the context for the file:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>ls -lZ \/vhost\/myapp\/index.html<\/p>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"39\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/5-3.png\" alt=\"screenshot of code\" class=\"wp-image-105323\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/5-3.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/5-3-300x23.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>This output shows that the <strong>default_t type<\/strong> is not a type specifically associated with web content, so Apache does not have the necessary SELinux policy permissions to access it out of the box.<\/p>\n\n\n\n<p>Now, we can create our custom Apache config:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo vi \/etc\/httpd\/conf.d\/myapp.conf<\/p>\n<\/div><\/div>\n\n\n\n<p>Paste the directives for the config and replace the values for your case:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>&lt;VirtualHost *:80><br>\u00a0 \u00a0 ServerAdmin webmaster@myapp.com<br>\u00a0 \u00a0 DocumentRoot \/vhost\/myapp<br>\u00a0 \u00a0 ServerName 172.105.83.174\u00a0 # Replace with your values<br>\u00a0 \u00a0 ErrorLog logs\/myapp-error.log<br>\u00a0 \u00a0 CustomLog logs\/myapp-access.log common<br><br>\u00a0 \u00a0 &lt;Directory \/vhost\/myapp><br>\u00a0 \u00a0 \u00a0 \u00a0 Options FollowSymLinks<br>\u00a0 \u00a0 \u00a0 \u00a0 AllowOverride None<br>\u00a0 \u00a0 \u00a0 \u00a0 Require all granted<br>\u00a0 \u00a0 &lt;\/Directory><br>&lt;\/VirtualHost><\/p>\n<\/div><\/div>\n\n\n\n<p>Now, in order to allow read-only access to the Apache web server to our custom directory and any subdirectories and files, we need to apply <strong>httpd_sys_content_t <\/strong>context to our SELinux config.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>semanage fcontext -a -t httpd_sys_content_t &#8220;\/vhost(\/.*)?&#8221;<\/p>\n<\/div><\/div>\n\n\n\n<p>Next, we need to use the <strong>restorecon<\/strong> utility in order to change the label:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo restorecon -R -v \/vhost<\/p>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"65\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/6-3.png\" alt=\"screenshot of code\" class=\"wp-image-105324\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/6-3.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/6-3-300x38.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>By using <strong>restorecon<\/strong> appropriately, you can ensure that your files and directories have the correct SELinux context, which is crucial for proper SELinux policy enforcement and security on your system.<\/p>\n\n\n\n<p>We can now check the syntax for Apache and then restart the Apache service:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo apachectl configtest<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo systemctl restart httpd<\/p>\n<\/div><\/div>\n\n\n\n<p>Since we require network access so we can curl our file or see it in the browser, we need to check if there is a present SELinux policy for port 80.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo semanage port -l | grep http_port_t<\/p>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"40\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/7-3.png\" alt=\"screenshot of code\" class=\"wp-image-105316\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/7-3.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/7-3-300x23.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>If you don&#8217;t see a similar output in your version or distribution, then you need to add it.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo semanage port -a -t http_port_t -p tcp 80<\/p>\n<\/div><\/div>\n\n\n\n<p>This command adds a new port definition to the SELinux policy, allowing SELinux to recognize port 80 as a valid port for TCP-based HTTP traffic. This is important to ensure that SELinux permits network access to services running on port 80, such as our Apache web server.<\/p>\n\n\n\n<p>Finally, before we can see our file in the browser or be able to send a curl request, we need to add an exception in our <strong>firewalld<\/strong> daemon and reload the rules:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo firewall-cmd &#8211;permanent &#8211;add-service=http<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo firewall-cmd &#8211;reload<\/p>\n<\/div><\/div>\n\n\n\n<p>We can test if our file is loading by typing the IP address in the browser:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>http:\/\/172.105.83.174<\/p>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"164\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/8-2.png\" alt=\"screenshot of code\" class=\"wp-image-105314\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/8-2.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/8-2-300x96.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-cgb-notification-card notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><p><strong>Note:<\/strong> Learn and use the tools that SELinux provides. For example, the command sealert will load a GUI that will make it possible to review alerts. It offers friendly descriptions of denials and recommendations to adjust your configuration.<\/p><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step4\">Step 4: Troubleshooting SELinux<\/h2>\n\n\n\n<p>Let&#8217;s say we want to host our application or see our index file on a non-standard port 8585.<\/p>\n\n\n\n<p>First, we need to change the <strong>httpd.conf<\/strong> file for the Apache webvserver and find the <strong>Listen<\/strong> directive.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo vi \/etc\/httpd\/conf\/httpd.conf<\/p>\n<\/div><\/div>\n\n\n\n<p>Find the Listen directive and add the new line with port 8585.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"468\" height=\"108\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/9-2.png\" alt=\"screenshot of code\" class=\"wp-image-105315\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/9-2.png 468w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/9-2-300x69.png 300w\" sizes=\"(max-width: 468px) 100vw, 468px\" \/><\/figure>\n\n\n\n<p>Next, we also need to edit the config file that we created previously.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo vi \/etc\/httpd\/conf.d\/myapp.conf<\/p>\n<\/div><\/div>\n\n\n\n<p>Here we will also add port 8585.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"309\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png\" alt=\"screenshot of code\" class=\"wp-image-105317\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2-300x181.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>We can check the Apache syntax to make sure we didn&#8217;t make any errors:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo apachectl configtest<\/p>\n<\/div><\/div>\n\n\n\n<p>The output of this command should give us information that the syntax is fine.<\/p>\n\n\n\n<p>Now, we can try to restart the Apache server:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo systemctl restart httpd<\/p>\n<\/div><\/div>\n\n\n\n<p>As the output, we will receive information that our Apache wasn&#8217;t able to start while the syntax is correct.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"26\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/11-2.png\" alt=\"screenshot of code\" class=\"wp-image-105318\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/11-2.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/11-2-300x15.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>In order to troubleshoot this error we will use SELinux&#8217;s audit utility:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo ausearch -m AVC -c &#8216;httpd&#8217;<\/p>\n<\/div><\/div>\n\n\n\n<p>As the output, we will clearly see that SELinux has blocked us and that we need to change the policy.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"59\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/12-2.png\" alt=\"screenshot of code\" class=\"wp-image-105325\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/12-2.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/12-2-300x35.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>We can do so by running the following command and our custom port:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo semanage port -a -t http_port_t -p tcp 8585<\/p>\n<\/div><\/div>\n\n\n\n<p>Now, we can try to restart our Apache, which should start without issues:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo systemctl restart httpd<\/p>\n<\/div><\/div>\n\n\n\n<p>Next, we need to add this custom port to our <strong>firewalld<\/strong> and reload all rules:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo firewall-cmd &#8211;permanent &#8211;add-port=8585\/tcp<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo firewall-cmd &#8211;reload<\/p>\n<\/div><\/div>\n\n\n\n<p>Now, if we reach our website with the custom port, we should be able to see in the browser:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>http:\/\/172.105.83.174:8585<\/p>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"164\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/13-2.png\" alt=\"screenshot of code\" class=\"wp-image-105312\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/13-2.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/13-2-300x96.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step5\">Step 5: Managing SELinux Modes<\/h2>\n\n\n\n<p>There are times when you need to debug your SELinux so you might want to place it in permissive mode. SELinux will log policy violations but won&#8217;t block any actions. This mode is helpful for diagnosing potential policy issues or violations without affecting system functionality. It does not permanently change SELinux&#8217;s configuration and it will revert to enforcing mode after a system reboot.<\/p>\n\n\n\n<p>In order to set SELinux in permissive mode, run the following command:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo setenforce 0<\/p>\n<\/div><\/div>\n\n\n\n<p>You can always revert to enforcing mode where SELinux actively enforces security policies and may deny actions that violate those policies. In enforcing mode, SELinux provides a higher level of security but may require fine-tuning policies to avoid false positives.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo setenforce 1<\/p>\n<\/div><\/div>\n\n\n\n<p>Finally, you can completely disable SELinux, but it is considered a security risk and should be done with caution as it degrades the system&#8217;s security posture. SELinux may seem complex to manage, but it contributes significantly to system security.<\/p>\n\n\n\n<p>In order to disable it completely, you would need to edit its configuration file:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo vi \/etc\/selinux\/config<\/p>\n<\/div><\/div>\n\n\n\n<p>Here you can replace the value to disabled:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>SELINUX=disabled<\/p>\n<\/div><\/div>\n\n\n\n<p>In order to apply the changes and disable SELinux, reboot your system:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>sudo reboot<\/p>\n<\/div><\/div>\n\n\n\n<p>So, the next time you check if SELinux is enabled using the <strong>sestatus<\/strong> command, you will see that it\u2019s disabled.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"71\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/14-2.png\" alt=\"screenshot of code\" class=\"wp-image-105313\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/14-2.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/14-2-300x42.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>In this walk-through, you have learned how to explore, troubleshoot, and manage SELinux, an important security feature for CentOS and RHEL distributions.&nbsp;<\/p>\n\n\n\n<p>For IT admins who are looking for additional ways to simplify their cloud infrastructure management as a whole and secure access to servers, JumpCloud can help.&nbsp;<\/p>\n\n\n\n<p>Learn more about how our cloud directory platform can be leveraged to <a href=\"https:\/\/jumpcloud.com\/platform\/cloud-device-management\" target=\"_blank\" rel=\"noreferrer noopener\">automate server management<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Improve your security posture and learn more about SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.<\/p>\n","protected":false},"author":150,"featured_media":105317,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2781],"tags":[],"collection":[2778],"platform":[],"funnel_stage":[3017],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How To Explore SELinux on CentOS or RHEL - JumpCloud<\/title>\n<meta name=\"description\" content=\"Improve your security posture and learn more about SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Explore SELinux on CentOS or RHEL\" \/>\n<meta property=\"og:description\" content=\"Improve your security posture and learn more about SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-19T15:53:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-06T16:22:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"309\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"How To Explore SELinux on CentOS or RHEL\",\"datePublished\":\"2024-01-19T15:53:40+00:00\",\"dateModified\":\"2024-02-06T16:22:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel\"},\"wordCount\":2052,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png\",\"articleSection\":[\"How-To\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel\",\"url\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel\",\"name\":\"How To Explore SELinux on CentOS or RHEL - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png\",\"datePublished\":\"2024-01-19T15:53:40+00:00\",\"dateModified\":\"2024-02-06T16:22:08+00:00\",\"description\":\"Improve your security posture and learn more about SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png\",\"width\":512,\"height\":309,\"caption\":\"screenshot of code\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Explore SELinux on CentOS or RHEL\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How To Explore SELinux on CentOS or RHEL - JumpCloud","description":"Improve your security posture and learn more about SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel","og_locale":"en_US","og_type":"article","og_title":"How To Explore SELinux on CentOS or RHEL","og_description":"Improve your security posture and learn more about SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.","og_url":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel","og_site_name":"JumpCloud","article_published_time":"2024-01-19T15:53:40+00:00","article_modified_time":"2024-02-06T16:22:08+00:00","og_image":[{"width":512,"height":309,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png","type":"image\/png"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"How To Explore SELinux on CentOS or RHEL","datePublished":"2024-01-19T15:53:40+00:00","dateModified":"2024-02-06T16:22:08+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel"},"wordCount":2052,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png","articleSection":["How-To"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel","url":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel","name":"How To Explore SELinux on CentOS or RHEL - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png","datePublished":"2024-01-19T15:53:40+00:00","dateModified":"2024-02-06T16:22:08+00:00","description":"Improve your security posture and learn more about SELinux, its core concepts, and how to work with it on CentOS\/RHEL systems.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/01\/10-2.png","width":512,"height":309,"caption":"screenshot of code"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/how-to-explore-selinux-on-centos-rhel#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"How To Explore SELinux on CentOS or RHEL"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/105299"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=105299"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/105299\/revisions"}],"predecessor-version":[{"id":105329,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/105299\/revisions\/105329"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/105317"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=105299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=105299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=105299"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=105299"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=105299"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=105299"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=105299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}