This sample configuration assumes Apache was installed in /usr/local/apache with a log directory of /var/log/httpd and a configuration directory of /etc/httpd. You can adjust the paths in the ACLs to match your own configuration. With this configuration, Apache must be started prior to sealing the kernel, or when LIDS_GLOBAL is disabled so it can bind to port 80 (and possibly 443).
/sbin/lidsconf -A -s /usr/local/apache/bin/httpd \ -o CAP_SETUID -j GRANT /sbin/lidsconf -A -s /usr/local/apache/bin/httpd \ -o CAP_SETGID -j GRANT # Config files /sbin/lidsconf -A -o /etc/httpd -j DENY /sbin/lidsconf -A -s /usr/local/apache/bin/httpd \ -o /etc/httpd -j READONLY # Server Root /sbin/lidsconf -A -o /usr/local/apache -j DENY /sbin/lidsconf -A -s /usr/local/apache/bin/httpd \ -o /usr/local/apache -j READONLY # Log Files /sbin/lidsconf -A -o /var/log/httpd -j DENY /sbin/lidsconf -A -s /usr/local/apache/bin/httpd \ -o /var/log/httpd -j APPEND /sbin/lidsconf -A -s /usr/local/apache/bin/httpd \ -o /usr/local/apache/logs -j WRITE |