View the security misconfiguration catalog
  • Misconfiguration Name
  • SELinux policy is not set to run in enforced mode
  • Description
  • SELinux gives that extra layer of security to the resources in the system. It provides the MAC (mandatory access control) as contrary to the DAC (Discretionary access control). SELinux can operate in any of the 3 modes. Enforced - Actions contrary to the policy are blocked and a corresponding event is logged in the audit log. Permissive -¬†¬†Actions contrary to the policy are only logged in the audit log. Disabled - The SELinux is disabled entirely. Fixing this misconfiguration will configure SELinux to operate in enforced mode.
  • Severity
  • critical
  • Category
  • Linux - SELinux Hardening
  • Resolution
  • Follow the below steps to resolve the misconfiguration. Edit the /etc/selinux/config file to set the SELINUX parameter: SELINUX=enforcing
  • Potential issues that may arise after applying the resolution
  • Altering the existing security setting may create the following impact in your network operations.
  • Does remediation require reboot?
  • No