Note: This is an RHCE 7 exam objective.
Prerequisites
First, follow the instructions to install an Apache web server.
Configuration Procedure
Create the /var/www/cgi-bin/hello.pl Perl script and insert the following lines:
#!/usr/bin/perl print "Content-type: text/html\n\n"; print "Hello, World!";
Make this script executable:
# chmod 755 /var/www/cgi-bin/hello.pl
Restart the httpd service:
# systemctl restart httpd
Check the SELinux httpd_enable_cgi boolean is on (it is on by default):
# getsebool httpd_enable_cgi httpd_enable_cgi --> on
Note: Another SELinux boolean useful to remember is httpd_can_sendmail: it allows the httpd server to send emails.
Check the httpd service:
# yum install -y elinks # elinks http://localhost/cgi-bin/hello.pl
Alternatively, if you want to use a directory other than the /var/www/cgi-bin/ default (/webapp for example), you will have some additional steps.
Create the /webapp directory:
# mkdir /webapp
Move the hello.pl file into it:
# mv /var/www/cgi-bin/hello.pl /webapp
Set up SElinux configuration for the /webapp directory:
# yum install -y setroubleshoot-server # semanage fcontext -a -t httpd_sys_script_exec_t "/webapp(/.*)?" # restorecon -R /webappelinks /usr/share/httpd/manual/howto/cgi.html
Edit the /etc/httpd/conf/httpd.conf file and replace the ‘ScriptAlias‘ option with the following line:
ScriptAlias /cgi-bin/ "/webapp/"
In the same file, where the configuration of your website (or virtual host) is located, add the following lines:
<Directory "/webapp"> AllowOverride None Options None Require all granted </Directory>
In the same stanza, you can optionally add the following lines (but it doesn’t seem mandatory):
Options ExecCGI AddHandler cgi-script .pl
Check the configuration file:
# apachectl configtest Syntax OK
Restart the httpd service:
# systemctl restart httpd
Testing Time
Check the execution of the Perl script:
# yum install -y elinks # elinks http://localhost/cgi-bin/hello.pl
Useful Tip
If you don’t remember the syntax of any directive, type:
# yum -y install httpd-manual # elinks /usr/share/httpd/manual/howto/cgi.html
“Options ExecCGI” and “AddHandler cgi-script .pl” should be added only if you don’t specify ScriptAlias directive within VirtualHost. Otherwise, if you use ScriptAlias you can indeed skip it.
do I need to use particularly a Perl test script for this task? or it can be PHP or Python one? or it can be requested to deploy any of them on the exam?
In this matter, the only thing you are supposed to know is Bash.
You should also include how to work on WSGI script followed by mod_wsgi package.
I will think about it. Thanks.
Hi Jaz and CertDepot
This might help.
https://youtu.be/S0Ygk7OeR6s
When the problem is with opening cgi page “500 Internal Server Error”, you have to verify also the httpd error log file, because when selinux is not set properly, the warning is not displaying in /var/log/audit/audit.log,
but in /var/log/httpd/error_log only.
According to http://selinuxproject.org/page/NB_AL:
“…It is not mandatory for SELinux-aware applications to audit events or even log them in the audit log. The decision is made by the application designer.”
Ok, thanks.
For examples on syntax it’s easier to check the httpd manual:
yum -y install httpd-manual
elinks /usr/share/httpd/manual/howto/cgi.html
I add it to the tutorial. Thanks.
How about wsgi scripts? Are those worth learning?
You are only supposed to deploy them, not become an expert.
I wonder, do you need to hardcode the cgi script into the apache configuration
e.g.
ScriptAlias /cgi-bin/ “/webapp/cgi.html”
versus
ScriptAlias /cgi-bin/ “/webapp/”
The first one if you do a
elinks http://localhost/cgi-bin/
versus
elinks http://localhost/cgi-bin/cgi.html
Both are correct are but is there a best practice?
Think about the problem this way: which is the most effective and gives you the more versatile options. If you are doing the exam, answer the question given.
From a practical point of view, how would you access multiple script files?