1.6.1.3 Ensure SELinux policy is configured (Scored)
Profile Applicability
Level 2 - Server Level 2 - Workstation
Description
Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.
Rationale
Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.
Audit
Run the following commands and ensure output matches ubuntu
, default
or mls
:
# grep SELINUXTYPE= /etc/selinux/config SELINUXTYPE=ubuntu # sestatus Policy from config file: ubuntu
Remediation
Edit the /etc/selinux/config
file to set the SELINUXTYPE parameter:
SELINUXTYPE=ubuntu
Notes
If your organization requires stricter policies, ensure that they are set in the /etc/selinux/config
file.