Details
Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.
Rationale:
Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that at least the default recommendations are met.
Solution
Edit the /etc/selinux/config file to set the SELINUXTYPE parameter:
Example vim /etc/selinux/config
SELINUXTYPE=targeted
Notes:
If your organization requires stricter policies, ensure that they are set in the /etc/selinux/config file.
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-71991
Rule ID: SV-86615r4_rule
STIG ID: RHEL-07-020220
Severity: CAT I
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.