Check: RHEL-06-000023
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000023
(in versions v2 r2 through v1 r14)
Title
The system must use a Linux Security Module configured to limit the privileges of system services. (Cat III impact)
Discussion
Setting the SELinux policy to "targeted" or a more specialized policy ensures the system will confine processes that are likely to be targeted for exploitation, such as network or system services.
Check Content
Check the file "/etc/selinux/config" and ensure the following line appears: SELINUXTYPE=targeted If it does not, this is a finding.
Fix Text
The SELinux "targeted" policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct the following line in "/etc/selinux/config": SELINUXTYPE=targeted Other policies, such as "mls", provide additional security labeling and greater confinement but are not compatible with many general-purpose use cases.
Additional Identifiers
Rule ID: SV-217863r603264_rule
Vulnerability ID: V-217863
Group Title: SRG-OS-000324
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-002165 |
The information system enforces organization-defined discretionary access control policies over defined subjects and objects. |
| CCI-002235 |
The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. |