InformationConfigure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.
Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.
SolutionEdit the /etc/selinux/config file to set the SELINUXTYPE parameter:
Example vim /etc/selinux/config
If your organization requires stricter policies, ensure that they are set in the /etc/selinux/config file.
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-71991
Rule ID: SV-86615r4_rule
STIG ID: RHEL-07-020220
Severity: CAT I