STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide Version: 1 Release: 24 Benchmark Date: 25 Oct 2019: All device files must be monitored by the system Linux Security Module.

DISA Rule

SV-65589r1_rule

Vulnerability Number

V-51379

Group Title

SRG-OS-999999

Rule Version

RHEL-06-000025

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files carry the SELinux type "unlabeled_t", investigate the cause and correct the file's context.

Check Contents

To check for unlabeled device files, run the following command:

# ls -RZ /dev | grep unlabeled_t

It should produce no output in a well-configured system.

If there is output, this is a finding.

Vulnerability Number

V-51379

Documentable

False

Rule Version

RHEL-06-000025

Severity Override Guidance

To check for unlabeled device files, run the following command:

# ls -RZ /dev | grep unlabeled_t

It should produce no output in a well-configured system.

If there is output, this is a finding.

Check Content Reference

M

Target Key

2367

Comments