Ensure the MCS Translation Service (mcstrans) is not installed
Details The mcstransd daemon provides category label information to client processes requesting information. The label translations are defined in /etc/selinux/targeted/setrans.conf...
- Home
- Security Hardening
- CIS Oracle Linux 7 Workstation L1 V3.1.1
CIS Oracle Linux 7 Workstation L1 V3.1.1
Ensure the SELinux mode is enforcing or permissive – /etc/selinux/config
Details SELinux can run in one of three modes: disabled, permissive, or enforcing: Enforcing – Is the default, and recommended,...Ensure the SELinux mode is enforcing or permissive – getenforce
Details SELinux can run in one of three modes: disabled, permissive, or enforcing: Enforcing – Is the default, and recommended,...Ensure /tmp is configured
Details The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making...Ensure /var/tmp partition includes the nodev option
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/tmp filesystem is not...Ensure /var/tmp partition includes the noexec option
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only...Ensure /var/tmp partition includes the nosuid option
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only...Ensure XD/NX support is enabled
Details Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis....