OL6-00-000025 – All device files must be monitored by the system Linux Security Module.

Details

If a device file carries the SELinux type ‘unlabeled_t’, then SELinux cannot properly restrict access to the device file.

Solution

Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files carry the SELinux type ‘unlabeled_t’, investigate the cause and correct the file’s context.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V1R18_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|III
CCI|CCI-000366
Group-ID|V-59371
Rule-ID|SV-208803r603263_rule
STIG-ID|OL6-00-000025
STIG-Legacy|SV-73801
STIG-Legacy|V-59371
Vuln-ID|V-208803

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles