Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22584 | GEN000000-LNX00800 | SV-63085r1_rule | ECSC-1 | Low |
Description |
---|
Linux Security Modules such as SELinux and AppArmor can be used to provide protection from software exploits by explicitly defining the privileges permitted to each software package. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-06-05 |
Check Text ( C-51839r1_chk ) |
---|
Check if SELinux is enabled with at least a "targeted" policy. # grep ^SELINUX /etc/sysconfig/selinux If the SELINUX option is not set to "enforcing", this is a finding. If the SELINUXTYPE option is not set to "targeted" or "strict", this is a finding. If the use of the system is incompatible with the confines of SELinux this rule may be waived. |
Fix Text (F-53671r1_fix) |
---|
Enable one of the SELinux policies. Edit /etc/sysconfig/selinux and set the value of the SELINUX option to "enforcing" and SELINUXTYPE to "targeted" or "strict". Restart the system. |