1.4.3 Set the SELinux Policy - SELINUXTYPE=targeted

Information

Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.

Rationale:

Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.

Solution

Edit the /etc/selinux/config file to set the SELINUXTYPE parameter:

SELINUXTYPE=targeted

Note: If your organization requires stricter policies, make sure they are added to the /etc/selinux/config file.




Default Value:

OS Default: No

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv7|14.6

Plugin: Unix

Control ID: 2e6c43387756addb8a504b38edf70a5c9ce415b95caa8e425b98c801c0c50f10