Detections
Analytics
RHEL-10-400145 - RHEL 10 must be configured so that all system device files are correctly labeled to prevent unauthorized modification.
Information
If an unauthorized or modified device is allowed to exist on the system, the system may perform unintended or unauthorized operations.Solution
Configure RHEL 10 so that all system device files are correctly labeled to prevent unauthorized modification.Restore the SELinux policy for the affected device file from the system policy database using the following command:
$ sudo restorecon -v <device_path>
Substitute "<device_path>" with the path to the affected device file (from the output of the previous commands). An example device file path would be "/dev/ttyUSB0".
If the output of the above command does not indicate that the device was relabeled to a more specific SELinux type label, the SELinux policy of the system must be updated with more specific policy for the device class specified.
If a package was used to install support for a device class, that package could be reinstalled using the following command:
$ sudo dnf reinstall <package_name>
If a package was not used to install the SELinux policy for a given device class, it must be generated manually and provide specific type labels.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL
References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-281046r1165493_rule, STIG-ID|RHEL-10-400145, Vuln-ID|V-281046
Plugin: Unix
Control ID: ec8d0d68b5b808f7cc34995ae3de67a048f1290dc1b585b9e0d68b8b9dabfe73