1.6.1.3 Ensure SELinux policy is configured (Scored)

Level 2 - Server 
Level 2 - Workstation

Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.

Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.

Run the following commands and ensure output matches ubuntu, default or mls:

# grep SELINUXTYPE= /etc/selinux/config 
SELINUXTYPE=ubuntu
 
# sestatus 
Policy from config file: ubuntu

Edit the /etc/selinux/config file to set the SELINUXTYPE parameter:

SELINUXTYPE=ubuntu

If your organization requires stricter policies, ensure that they are set in the /etc/selinux/config file.

  • ubuntu1604/1/6/1/3.txt
  • Last modified: 2017/05/02 17:02
  • by 127.0.0.1