
Ensure SELinux Not Disabled in zIPL

An XCCDF Rule

Description

To ensure SELinux is not disabled at boot time, check that no boot entry in /boot/loader/entries/*.conf has selinux=0 included in its options.
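One way to run this check by hand, as an added example that is not the rule's own OVAL check or remediation: the function below lists every boot entry whose options line carries the selinux=0 token. The function name find_selinux_disabled_entries is hypothetical, and matching the exact whitespace-separated token selinux=0 is an assumption about how the options line is written.

```shell
#!/bin/sh
# Added example (not part of the rule's shipped content).
# Usage: find_selinux_disabled_entries [entries_dir]
# Prints each boot entry file whose "options" line contains the exact
# token selinux=0. Returns 0 when no entry disables SELinux, 1 otherwise.
# find_selinux_disabled_entries is a hypothetical helper name.
find_selinux_disabled_entries() {
    dir=${1:-/boot/loader/entries}   # path named in the rule description
    rc=0
    for entry in "$dir"/*.conf; do
        # If the glob matched nothing, the literal pattern is not a file.
        [ -f "$entry" ] || continue
        # Inspect only "options" lines and compare whole tokens, so that
        # values such as enforcing=0 or selinux=1 are not reported.
        if awk '
            $1 == "options" {
                for (i = 2; i <= NF; i++)
                    if ($i == "selinux=0") found = 1
            }
            END { exit !found }
        ' "$entry"; then
            printf '%s\n' "$entry"
            rc=1
        fi
    done
    return "$rc"
}
```

An empty result with exit status 0 means no entry under the directory passes selinux=0 on the kernel command line.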

Rationale

Disabling a major host protection feature such as SELinux at boot time prevents it from confining system services during boot. It also increases the chances that SELinux will remain off during system operation.

ID
xccdf_org.ssgproject.content_rule_zipl_enable_selinux
Severity
Medium
Updated