Ensure SELinux is not disabled in bootloader configuration – enforcing=0
Details Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub...
- Home
- Security Hardening
- CIS Distribution Independent Linux Server L2 V2.0.0
CIS Distribution Independent Linux Server L2 V2.0.0
Ensure SELinux is not disabled in bootloader configuration – selinux=0
Details Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub...Ensure SELinux or AppArmor are installed
Details SELinux and AppArmor provide Mandatory Access Controls. Rationale: Without a Mandatory Access Control system installed only the default Discretionary...Ensure SELinux policy is configured
Details Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only. Rationale: Security...Ensure separate partition exists for /home
Details The /home directory is used to support disk storage needs of local users. Rationale: If the system is intended...Ensure separate partition exists for /var
Details The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created...Ensure separate partition exists for /var/log
Details The /var/log directory is used by system services to store log data . Rationale: There are two important reasons...Ensure separate partition exists for /var/log/audit
Details The auditing daemon, auditd , stores log data in the /var/log/audit directory. Rationale: There are two important reasons to...Ensure separate partition exists for /var/tmp
Details The /var/tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Since...Ensure SETroubleshoot is not installed
Details The SETroubleshoot service notifies desktop users of SELinux denials through a user- friendly interface. The service provides important information...