CCE-90922-6Platform: cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:7 | Date: (C)2017-06-29 (M)2023-07-04 |
The SELinux state should be set to 'enforcing' at
system boot time. In the file '/etc/selinux/config', add or correct the
following line to configure the system to boot into enforcing mode:
'SELINUX=enforcing'
Parameter:
[enforcing/permissive/disabled]
Technical Mechanism:
Setting the SELinux state to enforcing ensures SELinux is able to confine
potentially compromised processes to the security policy, which is designed to
prevent them from causing damage to the system or further elevating their
privileges.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 9.8 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30578 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31301 |