Ensure SELinux is not disabled in bootloader configuration – selinux

Details

Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub boot parameters. SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are not overridden.

NOTE – SELinux does not appear to be installed.

Solution

Edit /boot/grub/menu.lst and remove all instances of selinux=0 and enforcing=0 on all kernel lines.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/1864https://workbench.cisecurity.org/files/1864

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-3(3)
CSCv6|14.4

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles