SELinux

You can file an issue about it and ask that it be added.

SELinux

SELinux is a feature of the Linux kernel which can be used to guard against misconfigured or compromised programs. SELinux enforces the idea that programs should be limited in what files they can access and what actions they can take.

Ensure SELinux state is enforcing

Rationale

Setting the SELinux state to enforcing ensures SELinux is able to confine potentially compromised processes to the security policy, which is designed to prevent them from causing damage to the system or further elevating their privileges.

Solution

On all interfaces

# Edit /etc/selinux/config:
SELINUX=enforcing

^{C2S/CIS: CCE-27334-2 (High)}

Useful resources

The Practical Linux Hardening Guide provides a high-level overview of the hardening GNU/Linux systems. It is not an official standard or handbook but it touches and use industry standards.

Basic information

`Core Layer`

`Kernel Layer`

`Extended Layer`

Entropy
Compilers
Devices

`Logging & Auditing`

Syslog
OSSEC
Tiger
Aide
Logwatch

`System Services`

NTP
Cron
GnuPG 2

`Other Services`

Bind9
Unbound
Postfix
Nginx
Apache
PostgreSQL
MySQL
Redis
AMQP

`Containers`

LXC/LXD
Docker

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

SELinux

Table of Contents

SELinux

Ensure SELinux state is enforcing

Rationale

Solution

On all interfaces

Useful resources

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Basic information

`Core Layer`

`Kernel Layer`

`Extended Layer`

`Logging & Auditing`

`System Services`

`Other Services`

`Containers`

Clone this wiki locally