1.6.2.3 Ensure SELinux policy is configured

Information

Configure SELinux to meet or exceed the default targeted policy, which constrains daemons
and system software only.

Rationale:

Security configuration requirements vary from site to site. Some sites may mandate a
policy that is stricter than the default policy, which is perfectly acceptable. This item is
intended to ensure that at least the default recommendations are met.

Solution

Edit the /etc/selinux/config file to set the SELINUXTYPE parameter:

SELINUXTYPE=targeted

Notes:

If your organization requires stricter policies, ensure that they are set in the
/etc/selinux/config file.

See Also

https://workbench.cisecurity.org/files/2420