Details
Set SELinux to enable when the system is booted.
Rationale:
SELinux must be enabled at boot time in to ensure that the controls it provides are in effect at all times.
Solution
Edit the /etc/selinux/config file to set the SELINUX parameter:
SELINUX=enforcing
Edit /etc/default/grub and add the following parameters to the GRUB_CMDLINE_LINUX= line:
enforcing=1
Example:
GRUB_CMDLINE_LINUX_DEFAULT=’quiet’
GRUB_CMDLINE_LINUX=’selinux=1 security=selinux enforcing=1 audit=1′
Run the following command to update the grub2 configuration:
# update-grub
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.