Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • conman_can_network SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • container_connect_any SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • SELinux

    SELinux is a feature of the Linux kernel which can be used to guard against misconfigured or compromised programs. SELinux enforces the idea that p...
    Group
    Show

  • SELinux policy

    Type of policy in use. Possible values are: <br>targeted - Only targeted network daemons are protected. <br>strict - Full SELinux protection. <br>m...
    Value
    Show

  • SELinux state

    enforcing - SELinux security policy is enforced. <br>permissive - SELinux prints warnings instead of enforcing. <br>disabled - SELinux is fully dis...
    Value
    Show

  • Uninstall setroubleshoot-plugins Package

    The SETroubleshoot plugins are used to analyze SELinux AVC data. The service provides information around configuration errors, unauthorized intrusi...
    Rule Low Severity
    Show

  • Uninstall setroubleshoot-server Package

    The SETroubleshoot service notifies desktop users of SELinux denials. The service provides information around configuration errors, unauthorized in...
    Rule Low Severity
    Show

  • Ensure SELinux Not Disabled in the kernel arguments

    SELinux can be disabled at boot time by disabling it via a kernel argument. Remove any instances of <code>selinux=0</code> from the kernel argument...
    Rule Medium Severity
    Show

  • Ensure SELinux Not Disabled in /etc/default/grub

    SELinux can be disabled at boot time by an argument in <code>/etc/default/grub</code>. Remove any instances of <code>selinux=0</code> from the kern...
    Rule Medium Severity
    Show

  • Ensure No Daemons are Unconfined by SELinux

    Daemons for which the SELinux policy does not contain rules will inherit the context of the parent process. Because daemons are launched during sta...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules