An XCCDF Group - A logical subset of the XCCDF Benchmark
antivirus_can_scan_system
$ sudo setsebool -P antivirus_can_scan_system on
antivirus_use_jit
$ sudo setsebool -P antivirus_use_jit off
auditadm_exec_content
$ sudo setsebool -P auditadm_exec_content on
authlogin_nsswitch_use_ldap
$ sudo setsebool -P authlogin_nsswitch_use_ldap off
authlogin_radius
$ sudo setsebool -P authlogin_radius off
authlogin_yubikey
$ sudo setsebool -P authlogin_yubikey off
awstats_purge_apache_log_files
$ sudo setsebool -P awstats_purge_apache_log_files off
boinc_execmem
$ sudo setsebool -P boinc_execmem off
cdrecord_read_content
$ sudo setsebool -P cdrecord_read_content off
cluster_can_network_connect
$ sudo setsebool -P cluster_can_network_connect off
cluster_manage_all_files
$ sudo setsebool -P cluster_manage_all_files off
cluster_use_execmem
$ sudo setsebool -P cluster_use_execmem off
cobbler_anon_write
$ sudo setsebool -P cobbler_anon_write off
cobbler_can_network_connect
$ sudo setsebool -P cobbler_can_network_connect off
cobbler_use_cifs
$ sudo setsebool -P cobbler_use_cifs off
cobbler_use_nfs
$ sudo setsebool -P cobbler_use_nfs off
collectd_tcp_network_connect
$ sudo setsebool -P collectd_tcp_network_connect off
condor_tcp_network_connect
$ sudo setsebool -P condor_tcp_network_connect off
conman_can_network
$ sudo setsebool -P conman_can_network off
container_connect_any
$ sudo setsebool -P container_connect_any off
cron_can_relabel
$ sudo setsebool -P cron_can_relabel off
cron_system_cronjob_use_shares
$ sudo setsebool -P cron_system_cronjob_use_shares off
cron_userdomain_transition
$ sudo setsebool -P cron_userdomain_transition on
cups_execmem
$ sudo setsebool -P cups_execmem off
cvs_read_shadow
$ sudo setsebool -P cvs_read_shadow off
daemons_dump_core
$ sudo setsebool -P daemons_dump_core off
daemons_enable_cluster_mode
$ sudo setsebool -P daemons_enable_cluster_mode off
daemons_use_tcp_wrapper
$ sudo setsebool -P daemons_use_tcp_wrapper off
daemons_use_tty
$ sudo setsebool -P daemons_use_tty off
dbadm_exec_content
$ sudo setsebool -P dbadm_exec_content on
dbadm_manage_user_files
$ sudo setsebool -P dbadm_manage_user_files off
dbadm_read_user_files
$ sudo setsebool -P dbadm_read_user_files off
deny_execmem
$ sudo setsebool -P deny_execmem
deny_ptrace
$ sudo setsebool -P deny_ptrace off
dhcpc_exec_iptables
$ sudo setsebool -P dhcpc_exec_iptables off
dhcpd_use_ldap
$ sudo setsebool -P dhcpd_use_ldap off
domain_fd_use
$ sudo setsebool -P domain_fd_use on
domain_kernel_load_modules
$ sudo setsebool -P domain_kernel_load_modules off
entropyd_use_audio
$ sudo setsebool -P entropyd_use_audio off
exim_can_connect_db
$ sudo setsebool -P exim_can_connect_db off
exim_manage_user_files
$ sudo setsebool -P exim_manage_user_files off
exim_read_user_files
$ sudo setsebool -P exim_read_user_files off
fcron_crond
$ sudo setsebool -P fcron_crond off
fenced_can_network_connect
$ sudo setsebool -P fenced_can_network_connect off
fenced_can_ssh
$ sudo setsebool -P fenced_can_ssh off
fips_mode
$ sudo setsebool -P fips_mode on
ftpd_anon_write
$ sudo setsebool -P ftpd_anon_write off
ftpd_connect_all_unreserved
$ sudo setsebool -P ftpd_connect_all_unreserved off
ftpd_connect_db
$ sudo setsebool -P ftpd_connect_db off
ftpd_full_access
$ sudo setsebool -P ftpd_full_access off
ftpd_use_cifs
$ sudo setsebool -P ftpd_use_cifs off
ftpd_use_fusefs
$ sudo setsebool -P ftpd_use_fusefs off
ftpd_use_nfs
$ sudo setsebool -P ftpd_use_nfs off
ftpd_use_passive_mode
$ sudo setsebool -P ftpd_use_passive_mode off
git_cgi_enable_homedirs
$ sudo setsebool -P git_cgi_enable_homedirs off
git_cgi_use_cifs
$ sudo setsebool -P git_cgi_use_cifs off
git_cgi_use_nfs
$ sudo setsebool -P git_cgi_use_nfs off
git_session_bind_all_unreserved_ports
$ sudo setsebool -P git_session_bind_all_unreserved_ports off
git_session_users
$ sudo setsebool -P git_session_users off
git_system_enable_homedirs
$ sudo setsebool -P git_system_enable_homedirs off
git_system_use_cifs
$ sudo setsebool -P git_system_use_cifs off
git_system_use_nfs
$ sudo setsebool -P git_system_use_nfs off
gitosis_can_sendmail
$ sudo setsebool -P gitosis_can_sendmail off
glance_api_can_network
$ sudo setsebool -P glance_api_can_network off
glance_use_execmem
$ sudo setsebool -P glance_use_execmem off
glance_use_fusefs
$ sudo setsebool -P glance_use_fusefs off
global_ssp
$ sudo setsebool -P global_ssp off
gluster_anon_write
$ sudo setsebool -P gluster_anon_write off
gluster_export_all_ro
$ sudo setsebool -P gluster_export_all_ro off
gluster_export_all_rw
GlusterFS
$ sudo setsebool -P gluster_export_all_rw off
gpg_web_anon_write
$ sudo setsebool -P gpg_web_anon_write off
gssd_read_tmp
gssd
$ sudo setsebool -P gssd_read_tmp on
guest_exec_content
$ sudo setsebool -P guest_exec_content off
haproxy_connect_any
$ sudo setsebool -P haproxy_connect_any off
httpd_anon_write
$ sudo setsebool -P httpd_anon_write off
httpd_builtin_scripting
httpd
php
$ sudo setsebool -P httpd_builtin_scripting off
httpd_can_check_spam
$ sudo setsebool -P httpd_can_check_spam off
httpd_can_connect_ftp
$ sudo setsebool -P httpd_can_connect_ftp off
httpd_can_connect_ldap
$ sudo setsebool -P httpd_can_connect_ldap off
httpd_can_connect_mythtv
$ sudo setsebool -P httpd_can_connect_mythtv off
httpd_can_connect_zabbix
$ sudo setsebool -P httpd_can_connect_zabbix off
httpd_can_network_connect
$ sudo setsebool -P httpd_can_network_connect off
httpd_can_network_connect_cobbler
$ sudo setsebool -P httpd_can_network_connect_cobbler off
httpd_can_network_connect_db
$ sudo setsebool -P httpd_can_network_connect_db off
httpd_can_network_memcache
$ sudo setsebool -P httpd_can_network_memcache off
httpd_can_network_relay
$ sudo setsebool -P httpd_can_network_relay off
httpd_can_sendmail
$ sudo setsebool -P httpd_can_sendmail off
httpd_dbus_avahi
$ sudo setsebool -P httpd_dbus_avahi off
httpd_dbus_sssd
$ sudo setsebool -P httpd_dbus_sssd off
httpd_dontaudit_search_dirs
$ sudo setsebool -P httpd_dontaudit_search_dirs off
httpd_enable_cgi
CGI
$ sudo setsebool -P httpd_enable_cgi off
httpd_enable_ftp_server
$ sudo setsebool -P httpd_enable_ftp_server off
httpd_enable_homedirs
$ sudo setsebool -P httpd_enable_homedirs off
httpd_execmem
$ sudo setsebool -P httpd_execmem off
httpd_graceful_shutdown
$ sudo setsebool -P httpd_graceful_shutdown on
httpd_manage_ipa
$ sudo setsebool -P httpd_manage_ipa off
httpd_mod_auth_ntlm_winbind
$ sudo setsebool -P httpd_mod_auth_ntlm_winbind off
httpd_mod_auth_pam
$ sudo setsebool -P httpd_mod_auth_pam off
httpd_read_user_content
$ sudo setsebool -P httpd_read_user_content off
httpd_run_ipa
$ sudo setsebool -P httpd_run_ipa off
httpd_run_preupgrade
$ sudo setsebool -P httpd_run_preupgrade off
httpd_run_stickshift
$ sudo setsebool -P httpd_run_stickshift off
httpd_serve_cobbler_files
$ sudo setsebool -P httpd_serve_cobbler_files off
httpd_setrlimit
$ sudo setsebool -P httpd_setrlimit off
httpd_ssi_exec
$ sudo setsebool -P httpd_ssi_exec off
httpd_sys_script_anon_write
$ sudo setsebool -P httpd_sys_script_anon_write off
httpd_tmp_exec
$ sudo setsebool -P httpd_tmp_exec off
httpd_tty_comm
$ sudo setsebool -P httpd_tty_comm off
httpd_unified
$ sudo setsebool -P httpd_unified off
httpd_use_cifs
$ sudo setsebool -P httpd_use_cifs off
httpd_use_fusefs
$ sudo setsebool -P httpd_use_fusefs off
httpd_use_gpg
$ sudo setsebool -P httpd_use_gpg off
httpd_use_nfs
$ sudo setsebool -P httpd_use_nfs off
httpd_use_openstack
$ sudo setsebool -P httpd_use_openstack off
httpd_use_sasl
$ sudo setsebool -P httpd_use_sasl off
httpd_verify_dns
$ sudo setsebool -P httpd_verify_dns off
icecast_use_any_tcp_ports
$ sudo setsebool -P icecast_use_any_tcp_ports off
irc_use_any_tcp_ports
$ sudo setsebool -P irc_use_any_tcp_ports off
irssi_use_full_network
$ sudo setsebool -P irssi_use_full_network off
kdumpgui_run_bootloader
$ sudo setsebool -P kdumpgui_run_bootloader off
kerberos_enabled
$ sudo setsebool -P kerberos_enabled on
ksmtuned_use_cifs
$ sudo setsebool -P ksmtuned_use_cifs off
ksmtuned_use_nfs
$ sudo setsebool -P ksmtuned_use_nfs off
logadm_exec_content
$ sudo setsebool -P logadm_exec_content on
logging_syslogd_can_sendmail
$ sudo setsebool -P logging_syslogd_can_sendmail off
logging_syslogd_run_nagios_plugins
$ sudo setsebool -P logging_syslogd_run_nagios_plugins off
logging_syslogd_use_tty
syslog
$ sudo setsebool -P logging_syslogd_use_tty on
login_console_enabled
/dev/console
$ sudo setsebool -P login_console_enabled on
logrotate_use_nfs
$ sudo setsebool -P logrotate_use_nfs off
logwatch_can_network_connect_mail
$ sudo setsebool -P logwatch_can_network_connect_mail off
lsmd_plugin_connect_any
$ sudo setsebool -P lsmd_plugin_connect_any off
mailman_use_fusefs
$ sudo setsebool -P mailman_use_fusefs off
mcelog_client
$ sudo setsebool -P mcelog_client off
mcelog_exec_scripts
$ sudo setsebool -P mcelog_exec_scripts on
mcelog_foreground
$ sudo setsebool -P mcelog_foreground off
mcelog_server
$ sudo setsebool -P mcelog_server off
minidlna_read_generic_user_content
$ sudo setsebool -P minidlna_read_generic_user_content off
mmap_low_allowed
$ sudo setsebool -P mmap_low_allowed off
mock_enable_homedirs
$ sudo setsebool -P mock_enable_homedirs off
mount_anyfile
$ sudo setsebool -P mount_anyfile on
mozilla_plugin_bind_unreserved_ports
$ sudo setsebool -P mozilla_plugin_bind_unreserved_ports off
mozilla_plugin_can_network_connect
$ sudo setsebool -P mozilla_plugin_can_network_connect off
mozilla_plugin_use_bluejeans
$ sudo setsebool -P mozilla_plugin_use_bluejeans off
mozilla_plugin_use_gps
$ sudo setsebool -P mozilla_plugin_use_gps off
mozilla_plugin_use_spice
$ sudo setsebool -P mozilla_plugin_use_spice off
mozilla_read_content
$ sudo setsebool -P mozilla_read_content off
mpd_enable_homedirs
$ sudo setsebool -P mpd_enable_homedirs off
mpd_use_cifs
$ sudo setsebool -P mpd_use_cifs off
mpd_use_nfs
$ sudo setsebool -P mpd_use_nfs off
mplayer_execstack
$ sudo setsebool -P mplayer_execstack off
mysql_connect_any
$ sudo setsebool -P mysql_connect_any off
nagios_run_pnp4nagios
$ sudo setsebool -P nagios_run_pnp4nagios off
nagios_run_sudo
$ sudo setsebool -P nagios_run_sudo off
named_tcp_bind_http_port
$ sudo setsebool -P named_tcp_bind_http_port off
named_write_master_zones
$ sudo setsebool -P named_write_master_zones off
neutron_can_network
$ sudo setsebool -P neutron_can_network off
nfs_export_all_ro
$ sudo setsebool -P nfs_export_all_ro on
nfs_export_all_rw
$ sudo setsebool -P nfs_export_all_rw on
nfsd_anon_write
$ sudo setsebool -P nfsd_anon_write off
nis_enabled
$ sudo setsebool -P nis_enabled off
nscd_use_shm
nscd
$ sudo setsebool -P nscd_use_shm on
openshift_use_nfs
$ sudo setsebool -P openshift_use_nfs off
openvpn_can_network_connect
$ sudo setsebool -P openvpn_can_network_connect off
openvpn_enable_homedirs
$ sudo setsebool -P openvpn_enable_homedirs off
openvpn_run_unconfined
$ sudo setsebool -P openvpn_run_unconfined off
pcp_bind_all_unreserved_ports
$ sudo setsebool -P pcp_bind_all_unreserved_ports off
pcp_read_generic_logs
$ sudo setsebool -P pcp_read_generic_logs off
piranha_lvs_can_network_connect
$ sudo setsebool -P piranha_lvs_can_network_connect off
polipo_connect_all_unreserved
$ sudo setsebool -P polipo_connect_all_unreserved off
polipo_session_bind_all_unreserved_ports
$ sudo setsebool -P polipo_session_bind_all_unreserved_ports off
polipo_session_users
$ sudo setsebool -P polipo_session_users off
polipo_use_cifs
$ sudo setsebool -P polipo_use_cifs off
polipo_use_nfs
$ sudo setsebool -P polipo_use_nfs off
polyinstantiation_enabled
$ sudo setsebool -P polyinstantiation_enabled
postfix_local_write_mail_spool
$ sudo setsebool -P postfix_local_write_mail_spool on
postgresql_can_rsync
$ sudo setsebool -P postgresql_can_rsync off
postgresql_selinux_transmit_client_label
$ sudo setsebool -P postgresql_selinux_transmit_client_label off
postgresql_selinux_unconfined_dbadm
$ sudo setsebool -P postgresql_selinux_unconfined_dbadm on
postgresql_selinux_users_ddl
$ sudo setsebool -P postgresql_selinux_users_ddl on
pppd_can_insmod
$ sudo setsebool -P pppd_can_insmod off
pppd_for_user
$ sudo setsebool -P pppd_for_user off
privoxy_connect_any
$ sudo setsebool -P privoxy_connect_any off
prosody_bind_http_port
$ sudo setsebool -P prosody_bind_http_port off
puppetagent_manage_all_files
$ sudo setsebool -P puppetagent_manage_all_files off
puppetmaster_use_db
$ sudo setsebool -P puppetmaster_use_db off
racoon_read_shadow
$ sudo setsebool -P racoon_read_shadow off
rsync_anon_write
$ sudo setsebool -P rsync_anon_write off
rsync_client
$ sudo setsebool -P rsync_client off
rsync_export_all_ro
$ sudo setsebool -P rsync_export_all_ro off
rsync_full_access
$ sudo setsebool -P rsync_full_access off
samba_create_home_dirs
$ sudo setsebool -P samba_create_home_dirs off
samba_domain_controller
$ sudo setsebool -P samba_domain_controller off
samba_enable_home_dirs
$ sudo setsebool -P samba_enable_home_dirs off
samba_export_all_ro
$ sudo setsebool -P samba_export_all_ro off
samba_export_all_rw
$ sudo setsebool -P samba_export_all_rw off
samba_load_libgfapi
$ sudo setsebool -P samba_load_libgfapi off
samba_portmapper
$ sudo setsebool -P samba_portmapper off
samba_run_unconfined
$ sudo setsebool -P samba_run_unconfined off
samba_share_fusefs
$ sudo setsebool -P samba_share_fusefs off
samba_share_nfs
$ sudo setsebool -P samba_share_nfs off
sanlock_use_fusefs
$ sudo setsebool -P sanlock_use_fusefs off
sanlock_use_nfs
$ sudo setsebool -P sanlock_use_nfs off
sanlock_use_samba
$ sudo setsebool -P sanlock_use_samba off
saslauthd_read_shadow
$ sudo setsebool -P saslauthd_read_shadow off
secadm_exec_content
$ sudo setsebool -P secadm_exec_content on
secure_mode
$ sudo setsebool -P secure_mode off
secure_mode_insmod
$ sudo setsebool -P secure_mode_insmod
secure_mode_policyload
$ sudo setsebool -P secure_mode_policyload off
selinuxuser_direct_dri_enabled
$ sudo setsebool -P selinuxuser_direct_dri_enabled off
selinuxuser_execheap
$ sudo setsebool -P selinuxuser_execheap off
selinuxuser_execmod
$ sudo setsebool -P selinuxuser_execmod on
selinuxuser_execstack
$ sudo setsebool -P selinuxuser_execstack off
selinuxuser_mysql_connect_enabled
$ sudo setsebool -P selinuxuser_mysql_connect_enabled off
selinuxuser_ping
$ sudo setsebool -P selinuxuser_ping on
selinuxuser_postgresql_connect_enabled
$ sudo setsebool -P selinuxuser_postgresql_connect_enabled off
selinuxuser_rw_noexattrfile
$ sudo setsebool -P selinuxuser_rw_noexattrfile off
selinuxuser_share_music
$ sudo setsebool -P selinuxuser_share_music off
selinuxuser_tcp_server
$ sudo setsebool -P selinuxuser_tcp_server off
selinuxuser_udp_server
$ sudo setsebool -P selinuxuser_udp_server off
selinuxuser_use_ssh_chroot
$ sudo setsebool -P selinuxuser_use_ssh_chroot off
sge_domain_can_network_connect
$ sudo setsebool -P sge_domain_can_network_connect off
sge_use_nfs
$ sudo setsebool -P sge_use_nfs off
smartmon_3ware
$ sudo setsebool -P smartmon_3ware off
smbd_anon_write
$ sudo setsebool -P smbd_anon_write off
spamassassin_can_network
$ sudo setsebool -P spamassassin_can_network off
spamd_enable_home_dirs
$ sudo setsebool -P spamd_enable_home_dirs on
squid_connect_any
$ sudo setsebool -P squid_connect_any off
squid_use_tproxy
$ sudo setsebool -P squid_use_tproxy off
ssh_chroot_rw_homedirs
$ sudo setsebool -P ssh_chroot_rw_homedirs off
ssh_keysign
$ sudo setsebool -P ssh_keysign off
ssh_sysadm_login
$ sudo setsebool -P ssh_sysadm_login off
staff_exec_content
$ sudo setsebool -P staff_exec_content on
staff_use_svirt
$ sudo setsebool -P staff_use_svirt off
swift_can_network
$ sudo setsebool -P swift_can_network off
sysadm_exec_content
$ sudo setsebool -P sysadm_exec_content on
telepathy_connect_all_ports
$ sudo setsebool -P telepathy_connect_all_ports off
telepathy_tcp_connect_generic_network_ports
telepathy
$ sudo setsebool -P telepathy_tcp_connect_generic_network_ports off
tftp_anon_write
$ sudo setsebool -P tftp_anon_write off
tftp_home_dir
$ sudo setsebool -P tftp_home_dir off
tmpreaper_use_nfs
$ sudo setsebool -P tmpreaper_use_nfs off
tmpreaper_use_samba
$ sudo setsebool -P tmpreaper_use_samba off
tor_bind_all_unreserved_ports
$ sudo setsebool -P tor_bind_all_unreserved_ports off
tor_can_network_relay
$ sudo setsebool -P tor_can_network_relay off
unconfined_chrome_sandbox_transition
$ sudo setsebool -P unconfined_chrome_sandbox_transition on
unconfined_login
$ sudo setsebool -P unconfined_login on
unconfined_mozilla_plugin_transition
$ sudo setsebool -P unconfined_mozilla_plugin_transition on
unprivuser_use_svirt
$ sudo setsebool -P unprivuser_use_svirt off
use_ecryptfs_home_dirs
$ sudo setsebool -P use_ecryptfs_home_dirs off
use_fusefs_home_dirs
$ sudo setsebool -P use_fusefs_home_dirs off
use_lpd_server
$ sudo setsebool -P use_lpd_server off
use_nfs_home_dirs
$ sudo setsebool -P use_nfs_home_dirs off
use_samba_home_dirs
$ sudo setsebool -P use_samba_home_dirs off
user_exec_content
$ sudo setsebool -P user_exec_content on
varnishd_connect_any
$ sudo setsebool -P varnishd_connect_any off
virt_read_qemu_ga_data
$ sudo setsebool -P virt_read_qemu_ga_data off
virt_rw_qemu_ga_data
$ sudo setsebool -P virt_rw_qemu_ga_data off
virt_sandbox_use_all_caps
$ sudo setsebool -P virt_sandbox_use_all_caps off
virt_sandbox_use_audit
$ sudo setsebool -P virt_sandbox_use_audit on
virt_sandbox_use_mknod
$ sudo setsebool -P virt_sandbox_use_mknod off
virt_sandbox_use_netlink
$ sudo setsebool -P virt_sandbox_use_netlink off
virt_sandbox_use_sys_admin
$ sudo setsebool -P virt_sandbox_use_sys_admin off
virt_transition_userdomain
$ sudo setsebool -P virt_transition_userdomain off
virt_use_comm
$ sudo setsebool -P virt_use_comm off
virt_use_execmem
$ sudo setsebool -P virt_use_execmem off
virt_use_fusefs
$ sudo setsebool -P virt_use_fusefs off
virt_use_nfs
$ sudo setsebool -P virt_use_nfs off
virt_use_rawip
$ sudo setsebool -P virt_use_rawip off
virt_use_samba
$ sudo setsebool -P virt_use_samba off
virt_use_sanlock
$ sudo setsebool -P virt_use_sanlock off
virt_use_usb
$ sudo setsebool -P virt_use_usb off
virt_use_xserver
$ sudo setsebool -P virt_use_xserver off
webadm_manage_user_files
$ sudo setsebool -P webadm_manage_user_files off
webadm_read_user_files
$ sudo setsebool -P webadm_read_user_files off
wine_mmap_zero_ignore
$ sudo setsebool -P wine_mmap_zero_ignore off
xdm_bind_vnc_tcp_port
$ sudo setsebool -P xdm_bind_vnc_tcp_port off
xdm_exec_bootloader
$ sudo setsebool -P xdm_exec_bootloader off
xdm_sysadm_login
$ sudo setsebool -P xdm_sysadm_login off
xdm_write_home
$ sudo setsebool -P xdm_write_home off
xen_use_nfs
$ sudo setsebool -P xen_use_nfs off
xend_run_blktap
$ sudo setsebool -P xend_run_blktap on
xend_run_qemu
$ sudo setsebool -P xend_run_qemu on
xguest_connect_network
NetworkManager
$ sudo setsebool -P xguest_connect_network off
xguest_exec_content
$ sudo setsebool -P xguest_exec_content off
xguest_mount_media
$ sudo setsebool -P xguest_mount_media off
xguest_use_bluetooth
$ sudo setsebool -P xguest_use_bluetooth off
xserver_clients_write_xshm
$ sudo setsebool -P xserver_clients_write_xshm off
xserver_execmem
$ sudo setsebool -P xserver_execmem off
xserver_object_manager
$ sudo setsebool -P xserver_object_manager off
zabbix_can_network
$ sudo setsebool -P zabbix_can_network off
zarafa_setrlimit
$ sudo setsebool -P zarafa_setrlimit off
zebra_write_config
$ sudo setsebool -P zebra_write_config off
zoneminder_anon_write
$ sudo setsebool -P zoneminder_anon_write off
zoneminder_run_sudo
$ sudo setsebool -P zoneminder_run_sudo off