Verify Permissions On /etc/selinux Directory
An XCCDF Rule
Description
To properly set the permissions of /etc/selinux, run the command:
$ sudo chmod 0755 /etc/selinux
Rationale
Setting correct permissions on the /etc/selinux directory is important because this directory hosts SELinux configuration. Protection of this directory is critical for system security. Restricting the permissions ensures exclusive control of the SELinux configuration.
- ID
- xccdf_org.ssgproject.content_rule_directory_permissions_etc_selinux
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Find /etc/selinux/ file(s)
command: 'find -H /etc/selinux/ -maxdepth 1 -perm /u+s,g+ws,o+wt -type d '
register: files_found
changed_when: false
failed_when: false
check_mode: false
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
find -H /etc/selinux/ -maxdepth 1 -perm /u+s,g+ws,o+wt -type d -exec chmod u-s,g-ws,o-wt {} \;
else