CCE-90855-8Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Ensure SELinux Not Disabled in /etc/grub.conf
SELinux can be disabled at boot time by an argument in
'/etc/grub.conf'.
Remove any instances of 'selinux=0' from the kernel arguments in that
file to prevent SELinux from being disabled at boot.
Parameter:
Technical Mechanism:
Disabling a major host protection feature, such as SELinux, at boot time prevents
it from confining system services at boot time. Further, it increases
the chances that it will remain off during system operation.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30528 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31251 |