An error occurred:

Check: RHEL-06-000017

Red Hat Enterprise Linux 6 STIG: RHEL-06-000017 (in versions v2 r2 through v1 r14)

Title

The system must use a Linux Security Module at boot time. (Cat II impact)

Discussion

Disabling a major host protection feature, such as SELinux, at boot time prevents it from confining system services at boot time. Further, it increases the chances that it will remain off during system operation.

Check Content

Inspect "/boot/grub/grub.conf" for any instances of "selinux=0" in the kernel boot arguments. Presence of "selinux=0" indicates that SELinux is disabled at boot time. If SELinux is disabled at boot time, this is a finding.

Fix Text

SELinux can be disabled at boot time by an argument in "/boot/grub/grub.conf". Remove any instances of "selinux=0" from the kernel arguments in that file to prevent SELinux from being disabled at boot.

Additional Identifiers

Rule ID: SV-217858r603264_rule

Vulnerability ID: V-217858

Group Title: SRG-OS-000445

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.
CCI-002163

The organization defines the discretionary access control policies the information system is to enforce over subjects and objects.
CCI-002696

The information system verifies correct operation of organization-defined security functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3 (4)

Discretionary Access Control
CM-6

Configuration Settings
SI-6

Security Function Verification