The system must use a Linux Security Module configured to limit the privileges of system services.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22584 | GEN000000-LNX00800 | SV-44756r1_rule | ECSC-1 | Low |
| Description |
|---|
| Linux Security Modules such as SELinux and AppArmor can be used to provide protection from software exploits by explicitly defining the privileges permitted to each software package. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z | 2012-12-13 |
Details
| Check Text ( C-42261r2_chk ) |
|---|
| Check if AppArmor is enabled in YaST. # yast Select ‘Novell AppArmor’ > ‘AppArmor Control Panel’ The ‘Enable AppArmor’ checkbox must be selected. If it is not, this is a finding. |
| Fix Text (F-38206r2_fix) |
|---|
| Enable AppArmor in Yast. # yast Select ‘Novell AppArmor’ > ‘AppArmor Control Panel’ Select the ‘Enable AppArrmor’ checkbox and check it. Exit the AppArmor Control Panel with ‘Done’ Restart the system. |