CCE-90857-4 | Platform: rhel7, centos7 | Date: (C) 2017-06-29 (M) 2022-10-10
Ensure No Daemons are Unconfined by SELinux
Daemons for which the SELinux policy does not contain rules will inherit the
context of the parent process. Because daemons are launched during
startup and descend from the 'init' process, they inherit the 'initrc_t' context.
To check for unconfined daemons, run the following command:
$ sudo ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'
It should produce no output in a well-configured system.
Technical Mechanism:
Daemons which run with the 'initrc_t' context may cause AVC denials,
or allow privileges that the daemon does not require.
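The one-liner above greps for the string "initrc" anywhere in the ps line. The following is an added example, not part of this CCE record or of the referenced OVAL definitions: it parses the SELinux label field of `ps -eZ` output, compares the type component exactly against `initrc_t`, and reports the command name of each match, so a process whose name merely contains "initrc" does not produce a false hit. The `ps -eZ` output embedded below is constructed for the example, and the daemon names `legacyd` and `vendor-agent` are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the CCE record): find processes running in the
# initrc_t domain, i.e. daemons the SELinux policy left unconfined.

# Constructed sample of `ps -eZ` output (LABEL PID TTY TIME CMD).
# "legacyd" and "vendor-agent" are made-up daemon names for illustration.
SAMPLE_PS_OUTPUT='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:03 systemd
system_u:system_r:kernel_t:s0       2 ?        00:00:00 kthreadd
system_u:system_r:sshd_t:s0-s0:c0.c1023  980 ?        00:00:00 sshd
system_u:system_r:initrc_t:s0    1203 ?        00:00:01 legacyd
system_u:system_r:initrc_t:s0    1210 ?        00:00:00 vendor-agent
system_u:system_r:httpd_t:s0     1301 ?        00:00:02 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2044 pts/0 00:00:00 bash'

# Read `ps -eZ` lines on stdin and print the command name (last field) of
# every process whose SELinux type (third ':'-separated part of the label)
# is exactly initrc_t. The header line (NR == 1) and processes with no
# label (fewer than three parts) are skipped.
find_unconfined_daemons() {
    awk 'NR > 1 {
        n = split($1, ctx, ":")
        if (n >= 3 && ctx[3] == "initrc_t") print $NF
    }'
}

# Return 0 when no initrc_t processes are found on stdin, 1 otherwise,
# listing the offending daemons so the finding can be acted on.
check_no_unconfined_daemons() {
    found=$(find_unconfined_daemons)
    if [ -n "$found" ]; then
        printf 'Unconfined daemons (initrc_t):\n%s\n' "$found"
        return 1
    fi
    echo "OK: no daemons running in the initrc_t domain"
    return 0
}

# Demo against the constructed sample. On a real host run instead:
#   sudo ps -eZ | check_no_unconfined_daemons
printf '%s\n' "$SAMPLE_PS_OUTPUT" | check_no_unconfined_daemons \
    || echo "Check failed: confine the daemons listed above with a policy module"
```

On the constructed sample the check reports `legacyd` and `vendor-agent`; on a well-configured system it prints the OK line and returns 0, which makes it usable directly as a compliance check exit status.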
Fix:
No Remediation Info
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31252
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30529