An XCCDF Group - A logical subset of the XCCDF Benchmark
policycoreutils-python-utils
$ sudo yum install policycoreutils-python-utils
policycoreutils
$ sudo yum install policycoreutils
setroubleshoot-plugins
$ sudo yum erase setroubleshoot-plugins
setroubleshoot-server
$ sudo yum erase setroubleshoot-server
setroubleshoot
$ sudo yum erase setroubleshoot
/etc/default/grub
selinux=0
init
unconfined_service_t
$ sudo ps -eZ | grep "unconfined_service_t"
enforcing
permissive
/etc/selinux/config
SELINUX=enforcing
SELINUX=permissive
targeted
SELINUXTYPE=
mls
SELINUX=
deny_execmem
$ sudo setsebool -P deny_execmem
polyinstantiation_enabled
$ sudo setsebool -P polyinstantiation_enabled
secure_mode_insmod
$ sudo setsebool -P secure_mode_insmod
selinuxuser_execheap
$ sudo setsebool -P selinuxuser_execheap off
selinuxuser_execmod
$ sudo setsebool -P selinuxuser_execmod on
selinuxuser_execstack
$ sudo setsebool -P selinuxuser_execstack off
ssh_sysadm_login
$ sudo setsebool -P ssh_sysadm_login off
auditadm_exec_content
$ sudo setsebool -P auditadm_exec_content on
authlogin_nsswitch_use_ldap
$ sudo setsebool -P authlogin_nsswitch_use_ldap off
authlogin_radius
$ sudo setsebool -P authlogin_radius off
kerberos_enabled
$ sudo setsebool -P kerberos_enabled on
libselinux
$ sudo yum install libselinux
/etc/selinux
$ sudo chgrp root /etc/selinux
$ sudo chown root /etc/selinux
$ sudo chmod 0755 /etc/selinux
/etc/sestatus.conf
$ sudo chgrp root /etc/sestatus.conf
$ sudo chown root /etc/sestatus.conf
$ sudo chmod 0644 /etc/sestatus.conf
device_t
unlabeled_t
$ sudo find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"
$ sudo find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p %Z\n"