CCE-92561-0| Platform: cpe:/o:oracle:linux:7 | Date: (C)2019-11-07 (M)2023-07-04 |
If the 'auditd' daemon is configured to use the
'augenrules' program to read audit rules during daemon startup (the
default), add the following line to a file with suffix '.rules' in the
directory '/etc/audit/rules.d':
'-w /etc/selinux/ -p wa -k MAC-policy'
If the 'auditd' daemon is configured to use the 'auditctl'
utility to read audit rules during daemon startup, add the following line to
'/etc/audit/audit.rules' file:
'-w /etc/selinux/ -p wa -k MAC-policy'
Parameter:
[yes/no]
Technical Mechanism:
The system's mandatory access policy (SELinux) should not be
arbitrarily changed by anything other than administrator action. All changes to
MAC policy should be audited.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 5.9 | Attack Vector: LOCAL |
| Exploit Score: 2.5 | Attack Complexity: LOW |
| Impact Score: 3.4 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:49503 |
