1.6.1.3 Ensure SELinux policy is configured - /etc/selinux/config

Information

Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.

Note: If your organization requires stricter policies, ensure that they are set in the /etc/selinux/config file.

Rationale:

Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.

Solution

Edit the /etc/selinux/config file to set the SELINUXTYPE parameter:

SELINUXTYPE=targeted

Item Details

Audit Name: CIS Red Hat EL7 Workstation L1 v3.1.1

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 1eece2f1459a10c4ce591dd14d1c9a96b2f19fd9962066fa8fba5532dc1ee3ec

Detections

Analytics

1.6.1.3 Ensure SELinux policy is configured - /etc/selinux/config

Information

Solution

See Also

Item Details