The system must use a Linux Security Module configured to limit the privileges of system services.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-208802 | OL6-00-000023 | SV-208802r793587_rule | Low |
| Description |
|---|
| Setting the SELinux policy to "targeted" or a more specialized policy ensures the system will confine processes that are likely to be targeted for exploitation, such as network or system services. |
| STIG | Date |
|---|---|
| Oracle Linux 6 Security Technical Implementation Guide | 2021-12-03 |
Details
| Check Text ( C-9055r357386_chk ) |
|---|
| Check the file "/etc/selinux/config" and ensure the following line appears: SELINUXTYPE=targeted If it does not, this is a finding. |
| Fix Text (F-9055r357387_fix) |
|---|
| The SELinux "targeted" policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct the following line in "/etc/selinux/config": SELINUXTYPE=targeted Other policies, such as "mls", provide additional security labeling and greater confinement but are not compatible with many general-purpose use cases. |