RHEL-06-000017 - The system must use a Linux Security Module at boot time.

Information

Disabling a major host protection feature, such as SELinux, at boot time prevents it from confining system services at boot time. Further, it increases the chances that it will remain off during system operation.

Solution

SELinux can be disabled at boot time by an argument in '/boot/grub/grub.conf'. Remove any instances of 'selinux=0' from the kernel arguments in that file to prevent SELinux from being disabled at boot.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip

Item Details

Category: ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-3(4), 800-53|SI-6a., CAT|II, CCI|CCI-002163, CCI|CCI-002696, Rule-ID|SV-217858r603264_rule, STIG-ID|RHEL-06-000017, STIG-Legacy|SV-65547, STIG-Legacy|V-51337, Vuln-ID|V-217858

Plugin: Unix

Control ID: 56da6ed91f3b2d9b92ccd8aeec0d0fcba866aa4548062dab09f201f25e3d9b62