UCF STIG Viewer Logo

The system must use a Linux Security Module configured to limit the privileges of system services.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22584 GEN000000-LNX00800 SV-26978r1_rule Low
Description
Linux Security Modules such as SELinux and AppArmor can be used to provide protection from software exploits by explicitly defining the privileges permitted to each software package.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-03-01

Details

Check Text ( C-36036r1_chk )
Check if SELinux is enabled with at least a "targeted" policy.

# grep ^SELINUX /etc/sysconfig/selinux

If the SELINUX option is not set to "enforcing", this is a finding.
If the SELINUXTYPE option is not set to "targeted" or "strict", this is a finding.

If the use of the system is incompatible with the confines of SELinux this rule may be waived.
Fix Text (F-31279r2_fix)
Enable one of the SELinux policies.
Edit /etc/sysconfig/selinux and set the value of the SELINUX option to "enforcing" and SELINUXTYPE to "targeted" or "strict".
Restart the system.