Details
Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub boot parameters. SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are not overridden.
Solution
Edit /etc/default/grub and remove all instances of selinux=0 and enforcing=0 from all CMDLINE_LINUX parameters: GRUB_CMDLINE_LINUX_DEFAULT=”quiet”GRUB_CMDLINE_LINUX=”” Run the following command to update the grub2 configuration: # update-grub
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.