1.5.1 Ensure SELinux is configured

Information

SELinux must be enabled and in enforcing mode.

Rationale:

The mandatory access controls provided by the default SELinux policy are a critical mechanism to prevent containers from accessing sensitive data or modifying system files that belong to the host or to other containers.

Solution

Replace the system or reinstall the distribution.

See Also

https://workbench.cisecurity.org/benchmarks/6709

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 15b87a1c002db63e979d768a4e97267ef94542ab56598eba51a08b95b9d01068