
The system must use a Linux Security Module configured to limit the privileges of system services.


Overview

Finding ID: V-22584
Version: GEN000000-LNX00800
Rule ID: SV-63085r1_rule
IA Controls: ECSC-1
Severity: Low
Description
Linux Security Modules such as SELinux and AppArmor can be used to provide protection from software exploits by explicitly defining the privileges permitted to each software package.
STIG: Oracle Linux 5 Security Technical Implementation Guide
Date: 2015-06-05

Details

Check Text (C-51839r1_chk)
Check if SELinux is enabled with at least a "targeted" policy.

# grep ^SELINUX /etc/sysconfig/selinux

If the SELINUX option is not set to "enforcing", this is a finding.
If the SELINUXTYPE option is not set to "targeted" or "strict", this is a finding.

If the use of the system is incompatible with the confines of SELinux, this rule may be waived.
Fix Text (F-53671r1_fix)
Enable one of the SELinux policies.
Edit /etc/sysconfig/selinux and set the value of the SELINUX option to "enforcing" and SELINUXTYPE to "targeted" or "strict".
Restart the system.
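
Added example (not part of the STIG text): a shell function that applies the check above to a given configuration file, ignoring commented-out lines and reporting a missing option, or any active line with a non-compliant value, as a finding. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Print every active (uncommented) value of option $2 found in file $1.
# Anchored at line start, like the check text's "grep ^SELINUX".
selinux_values() {
    sed -n "s/^$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1"
}

# check_option FILE OPTION "ALLOWED VALUES"
# Prints one line per finding; returns 1 if there is any finding.
check_option() {
    file=$1 opt=$2 allowed=$3 rc=0
    values=$(selinux_values "$file" "$opt")
    if [ -z "$values" ]; then
        echo "FINDING: $opt is not set in $file"
        return 1
    fi
    # If the option appears more than once, every occurrence must comply.
    for v in $values; do
        case " $allowed " in
            *" $v "*) ;;
            *) echo "FINDING: $opt=$v (expected one of: $allowed)"; rc=1 ;;
        esac
    done
    return $rc
}

# check_selinux_config FILE
# Returns 0 when both options satisfy the check text, 1 otherwise.
check_selinux_config() {
    cfg=$1 status=0
    [ -r "$cfg" ] || { echo "FINDING: cannot read $cfg"; return 1; }
    check_option "$cfg" SELINUX "enforcing" || status=1
    check_option "$cfg" SELINUXTYPE "targeted strict" || status=1
    return $status
}

# Constructed sample: enforcing is commented out, permissive is active.
sample=$(mktemp)
printf '%s\n' '#SELINUX=enforcing' 'SELINUX=permissive' \
    'SELINUXTYPE=targeted' > "$sample"
check_selinux_config "$sample" || echo "result: finding"
rm -f "$sample"
```

On a system under review, call check_selinux_config /etc/sysconfig/selinux; the result reflects the file's contents only, which take effect after the restart the fix text calls for.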