top | item 41461284

(no title)

For some distributions, CIS benchmarks (also used by various other security tools) now include guidelines for SELinux.

I couldn't find it in the Debian spec (probably because it uses AppArmor), but the RHEL benchmark has these.

Currently, server level 1 only requires permissive mode:

  CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server — 1.3.1.4 Ensure the SELinux mode is not disabled

... While server level 2 specifies enforcing mode:

  CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server — 1.3.1.5 Ensure the SELinux mode is enforcing

discuss

No comments yet.