SELinux gives that extra layer of security to the resources in the system. It provides the MAC (mandatory access control) as contrary to the DAC (Discretionary access control). SELinux can operate in any of the 3 modes. Enforced - Actions contrary to the policy are blocked and a corresponding event is logged in the audit log. Permissive - Actions contrary to the policy are only logged in the audit log. Disabled - The SELinux is disabled entirely. Fixing this misconfiguration will configure SELinux to operate in enforced mode.
Severity
critical
Category
Linux - SELinux Hardening
Resolution
Follow the below steps to resolve the misconfiguration.
Edit the /etc/selinux/config file to set the SELINUX parameter:
SELINUX=enforcing
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.
