All device files must be monitored by the system Linux Security Module.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-208803 | OL6-00-000025 | SV-208803r793588_rule | Low |
| Description |
|---|
| If a device file carries the SELinux type "unlabeled_t", then SELinux cannot properly restrict access to the device file. |
| STIG | Date |
|---|---|
| Oracle Linux 6 Security Technical Implementation Guide | 2021-12-03 |
Details
| Check Text ( C-9056r357389_chk ) |
|---|
| To check for unlabeled device files, run the following command: # ls -RZ /dev | grep unlabeled_t It should produce no output in a well-configured system. If there is output, this is a finding. |
| Fix Text (F-9056r357390_fix) |
|---|
| Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files carry the SELinux type "unlabeled_t", investigate the cause and correct the file's context. |