
The system must use a Linux Security Module configured to limit the privileges of system services.


Overview

Finding ID: RHEL-06-000024
Version: RHEL-06-000024
Rule ID: RHEL-06-000024_rule
IA Controls: (none listed)
Severity: Low
Description
Setting the SELinux policy to "targeted" or a more specialized policy ensures the system will confine processes that are likely to be targeted for exploitation, such as network or system services.
STIG: Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Date: 2013-02-05

Details

Check Text ( C-RHEL-06-000024_chk )
If the system is a cross-domain system, this is not applicable.

Check the file "/etc/selinux/config" and ensure the following line appears:

SELINUXTYPE=targeted


If it does not, this is a finding.
Fix Text (F-RHEL-06-000024_fix)
The SELinux "targeted" policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct the following line in "/etc/selinux/config":

SELINUXTYPE=targeted

Other policies, such as "mls", provide additional security labeling and greater confinement but are not compatible with many general-purpose use cases.
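
The check above can be scripted. The following is an added example, not part of the STIG text: the function name check_selinuxtype is hypothetical, it follows the check text literally (only an active "SELINUXTYPE=targeted" line passes), and treating conflicting active entries as a finding is a conservative choice of this example.

```shell
#!/bin/sh
# Added example: audit a SELinux config file for an active SELINUXTYPE=targeted line.
# Usage: check_selinuxtype [FILE]   (FILE defaults to /etc/selinux/config)
# Returns 0 when the line is present, 1 when the check would record a finding.
check_selinuxtype() {
    cfg="${1:-/etc/selinux/config}"

    if [ ! -r "$cfg" ]; then
        echo "FINDING: $cfg is missing or unreadable"
        return 1
    fi

    # Collect active SELINUXTYPE lines only. Lines starting with '#' never
    # match, so a commented-out "#SELINUXTYPE=targeted" does not count.
    # Leading/trailing whitespace (including CR from CRLF files) is trimmed.
    active=$(grep '^[[:space:]]*SELINUXTYPE=' "$cfg" \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')

    if [ -z "$active" ]; then
        echo "FINDING: no active SELINUXTYPE line in $cfg"
        return 1
    fi

    # Any active entry other than the exact required line is reported:
    # a different policy, an empty value, or a conflicting duplicate.
    bad=$(printf '%s\n' "$active" | grep -vxF 'SELINUXTYPE=targeted' || true)

    if [ -n "$bad" ]; then
        echo "FINDING: unexpected entries in $cfg:"
        printf '%s\n' "$bad"
        return 1
    fi

    echo "PASS: SELINUXTYPE=targeted is set in $cfg"
    return 0
}
```

The cross-domain exemption in the check text is not something the script can determine; that decision stays with the reviewer.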