Detections
Analytics
OL09-00-003010 - OL 9 must configure SELinux context type to allow the use of a nondefault faillock tally directory.
Information
Not having the correct SELinux context on the faillock directory may lead to unauthorized access to the directory.Solution
Configure OL 9 to allow the use of a nondefault faillock tally directory while SELinux enforces a targeted policy.Create a nondefault faillock tally directory (if it does not already exist) with the following example:
$ sudo mkdir /var/log/faillock
Update the /etc/selinux/targeted/contexts/files/file_contexts.local with "faillog_t" context type for the nondefault faillock tally directory with the following command:
$ sudo semanage fcontext -a -t faillog_t "/var/log/faillock(/.*)?"
Update the context type of the nondefault faillock directory/subdirectories and files with the following command:
$ sudo restorecon -R -v /var/log/faillock
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_9_V1R5_STIG.zip
Item Details
Audit Name: DISA Oracle Linux 9 STIG v1r5
Category: ACCESS CONTROL
References: 800-53|AC-7a., CAT|II, CCI|CCI-000044, Rule-ID|SV-271836r1092637_rule, STIG-ID|OL09-00-003010, Vuln-ID|V-271836
Plugin: Unix
Control ID: a8067965f21582af994cabbdd19c6f24da204276d11976996c9abf002a53e293