1.6.1.4 Ensure SELinux policy is configured - sestatus

Information

Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.

Rationale:

Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.

Solution

Edit the /etc/selinux/config file to set the SELINUXTYPE parameter:
Example vim /etc/selinux/config

SELINUXTYPE=targeted

Notes:

If your organization requires stricter policies, ensure that they are set in the /etc/selinux/config file.

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-71991

Rule ID: SV-86615r4_rule

STIG ID: RHEL-07-020220

Severity: CAT I

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv7|14.6

Plugin: Unix

Control ID: 82443ee533feefc659a585e5ae5dd6e93fd1bd54cb1465c8bb9662f5ed47817d