Chapter 7. Using the command-line assistant to debug or troubleshoot system issues

Procedure

1. Check the SSHD status and restart it.

   $ sudo systemctl status ssh
   $ sudo systemctl restart ssh

2. Enable the optional command-line assistant terminal capture feature:

   $ c shell --enable-capture

3. Use the -w 1 "your_question" option to specify to include the output from the last command that was run.

   $ c -w 1 "what_is_this"

   • If you specify the number 2, that references the output from the second-to-last command. This is also true for the additional numbers.

   • You can also specify a prompt to run with the command and ask "help me understand the output", and reference the output with the error, so that the command-line assistant understands that you are asking for more details on what the error is.

     The command-line assistant processes the request and provides several possible solutions. In the example, you can use the suggestion to run the journalctl -xeu sshd.service command to check the log files.

4. Run that journalctl command and check the log files to identify potential issues.

   $ journalctl -xeu sshd.service

5. Ask the command-line assistant to generate a command on how to fix this typing error.

   $ c "what is the command that I can use to change 'Porrt' to 'Port' in the /etc/ssh/sshd_config file?"

6. Run the command suggested by the command-line assistant as a sudo user. For example:

   $ sudo sed -i s/Porrt/Port/g /etc/ssh/sshd_config

Procedure

1. Check the httpd package version and identify the ports on which the web server accepts incoming requests:

   $ sudo rpm -qa httpd

   httpd-2.4.62-2.fc40.x86_64

   $ cat /etc/httpd/conf/httpd.conf | grep Listen

   Listen 80

2. Restart the httpd service and check for errors:

   $ systemctl restart httpd
   $ sudo journalctl -xeu httpd.service

   Job for httpd. Service failed because the control process exited with error code.

3. Use the command-line assistant to troubleshoot the service failure and check SELinux status:

   $ c "why did httpd fail to start"
   $ c "selinux httpd port"
   $ sudo sestatus

4. Check the SELinux context for httpd and ask the command-line assistant for guidance:

   $ sudo cat /usr/share/selinux/targeted/contexts/httpd_var_run_t

   No such file or directory

   $ c "i don't have a httpd_var_run_t contexts"

5. Set the SELinux context and configure the port as suggested by the command-line assistant:

   $ sudo chcon -R -t httpd_var_run_t
   $ c "selinux won't let httpd listen on port 12345"
   $ sudo semanage port -a -t httpd_port_t -p tcp 12345

6. If you receive a ValueError, ask the command-line assistant and apply the suggested fix:

   $ c "how do I fix ValueError: Type httpd_port_t is invalid, must be a port type"
   $ sudo ls -Z /usr/sbin/httpd
   $ chcon -t httpd_exec_t /usr/sbin/httpd
   $ sudo setenforce 1

7. Restart httpd and enable network connections if the service still fails:

   $ sudo systemctl restart httpd
   $ c "how do I enable httpd to listen on port 12345 selinux"
   $ sudo setsebool -P httpd_can_network_connect=1

8. If the service fails again, check the journal and search for SELinux denials:

   $ journalctl -xeu httpd
   $ c "An ExecStart= process belonging to unit httpd.service has exited."
   $ sudo ausearch -m AVC,USER_AVC -ts recent

9. Enter the AVC denial output to the command-line assistant for analysis:

   $ c "avc: denied {name_bind} for pid=7184 comm="httpd" src=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0"

10. Add the port to the correct SELinux type to resolve the binding error:

    $ sudo semanage port -a -t http_port_t -p tcp 12345