Set trusted execution policy LOCK_KERN_POLICIES to enabled. All of the other policies will then be locked and cannot be changed without disabling the LOCK_KERN_POLICIES policy and then restarting the system. Rationale: When policies are locked, unauthorized users cannot make changes to the policies to allow them to execute unapproved tools and then revert the settings afterwards. An unplanned system reboot is likely to be noticed and investigated
Solution
Execute the following command trustchk -p LOCK_KERN_POLICIES=ON