Introduce rule to check if SELinux is not Disabled #10575
While highly recommended to use SELinux in enforcing mode, there are cases where site policy allows it to run in permissive mode. In this case, the only requirement is not to disable it. This rule meets this scenario.
The CIS requirement 1.6.1.4 is now updated to automated since the selinux_not_disabled rule was included.
Just one minor nitpick.
Thanks for the new rule.
linux_os/guide/system/selinux/selinux_not_disabled/oval/shared.xml
….xml Co-authored-by: Matthew Burket <m@tthewburket.com>
Code Climate has analyzed commit 1ad1dd3 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 52.4% (0.0% change).
Description:
While highly recommended to use SELinux in enforcing mode, there are cases where site policy allows it to run in permissive mode. In this case, the only requirement is not to disable it. This rule meets this scenario.
Rationale:
Better CIS coverage for RHEL 8 and RHEL 9.
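
The condition described above (enforcing or permissive passes, disabled fails), as an added shell example that is not the project's OVAL check. It assumes the mode is set by a `SELINUX=` line in a config file such as /etc/selinux/config; the function name `selinux_not_disabled` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's OVAL check): conservative test that an
# SELinux config file does not disable SELinux.
# Exit status: 0 = enforcing or permissive, 1 = disabled, missing or invalid,
#              2 = file unreadable.
selinux_not_disabled() {
    [ -r "$1" ] || return 2
    awk '
        # Strict match at line start (a choice of this example): commented
        # or indented lines and SELINUXTYPE= are not treated as the setting.
        /^SELINUX=/ {
            val = substr($0, 9)                  # text after "SELINUX="
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)   # trim surrounding whitespace
            seen = 1
            # Every SELINUX= line must be acceptable, so a later
            # "disabled" line cannot hide behind an earlier valid one.
            if (val != "enforcing" && val != "permissive") bad = 1
        }
        END { if (seen && !bad) exit 0; exit 1 }
    ' "$1"
}

# Constructed sample configs, written to a temporary directory.
demo_dir=$(mktemp -d)
printf '# constructed sample\nSELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo_dir/permissive"
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_dir/disabled"
printf '#SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo_dir/commented"

for f in permissive disabled commented; do
    if selinux_not_disabled "$demo_dir/$f"; then
        echo "$f: pass"
    else
        echo "$f: fail"
    fi
done
rm -rf "$demo_dir"
```

The check reads only the persistent configuration; the running mode reported by `getenforce` is a separate thing to verify.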