1.6.1.3 Ensure SELinux policy is configured

Information

Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.
Rationale:
Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.

Solution

Edit the /etc/selinux/config file to set the SELINUXTYPE parameter:
SELINUXTYPE=default
Notes:
If your organization requires stricter policies, ensure that they are set in the /etc/selinux/configfile.

See Also

https://workbench.cisecurity.org/files/2242

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv7|14.6

Plugin: Unix

Control ID: 5460d2c10733ca1f6a37dda950f0def04c81f1e7bc4d7c2dc7a5a279ebee784e