1.6.1.3 Ensure SELinux policy is configured

Information

Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is
intended to ensure that at least the default recommendations are met.

Solution

Edit the /etc/selinux/config file to set the SELINUXTYPE parameter - SELINUXTYPE=targeted Notes - If your organization requires stricter policies, ensure that they are set in
the /etc/selinux/config file.

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(3)

Plugin: Unix

Control ID: 42ea72c6c1f841e30397de90008683a1b24ead50fa7aaa00abc9d05689de8388