Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-59371 | OL6-00-000025 | SV-73801r1_rule | Low |
Description |
---|
If a device file carries the SELinux type "unlabeled_t", then SELinux cannot properly restrict access to the device file. |
STIG | Date |
---|---|
Oracle Linux 6 Security Technical Implementation Guide | 2019-03-20 |
Check Text ( C-60147r1_chk ) |
---|
To check for unlabeled device files, run the following command: # ls -RZ /dev | grep unlabeled_t It should produce no output in a well-configured system. If there is output, this is a finding. |
Fix Text (F-64767r1_fix) |
---|
Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files carry the SELinux type "unlabeled_t", investigate the cause and correct the file's context. |