STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The audit system must be configured to audit modifications to the system's Mandatory Access Control (MAC) configuration (SELinux).

DISA Rule

SV-208892r603263_rule

Vulnerability Number

V-208892

Group Title

SRG-OS-000480

Rule Version

OL6-00-000183

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Add the following to "/etc/audit/audit.rules":

-w /etc/selinux/ -p wa -k MAC-policy

Check Contents

To determine if the system is configured to audit changes to its SELinux configuration files, run the following command:

$ sudo grep -w "/etc/selinux" /etc/audit/audit.rules

If the system is configured to watch for changes to its SELinux configuration, a line should be returned (including "-p wa" indicating permissions that are watched).

If the system is not configured to audit attempts to change the MAC policy, this is a finding.
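
The grep above also matches commented-out rules and watches that lack "w" or "a". A stricter form of the same check follows as an added example, not part of the STIG text; the function name `check_selinux_watch` and its optional rules-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG): stricter check for OL6-00-000183.
# check_selinux_watch is a hypothetical helper; the default path is the
# rules file named in the STIG check.
check_selinux_watch() {
    rules_file="${1:-/etc/audit/audit.rules}"
    if [ ! -r "$rules_file" ]; then
        echo "finding: cannot read $rules_file"
        return 2
    fi
    status=1
    set -f                      # no globbing while splitting rule lines
    while IFS= read -r line; do
        set -- $line            # split the rule into words
        [ $# -gt 0 ] || continue
        case "$1" in '#'*) continue ;; esac   # skip commented-out rules
        path=""; perms=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -w) path="${2:-}" ;;
                -p) perms="${2:-}" ;;
            esac
            shift
        done
        # Accept /etc/selinux with or without the trailing slash
        [ "${path%/}" = "/etc/selinux" ] || continue
        case "$perms" in
            *w*a*|*a*w*) status=0; break ;;   # both write and attribute
        esac
    done < "$rules_file"
    set +f
    if [ "$status" -eq 0 ]; then
        echo "ok: /etc/selinux watched with -p $perms"
    else
        echo "finding: no active watch on /etc/selinux with w and a permissions"
    fi
    return "$status"
}
```

Run as root with no argument, it reads "/etc/audit/audit.rules" and returns 0 only when the rule from the Fix Recommendation (or an equivalent) is present.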

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2928

Comments