highsystemverified ✓rollback-safe
Set SELinux to enforcing mode
selinux-enforcing · RHEL ≥ 8 · 1 impl
Description
SELinux must be configured in enforcing mode to provide mandatory access control enforcement.
Rationale
Enforcing mode ensures SELinux policies are actively applied and violations are blocked. Permissive mode only logs violations without enforcing, leaving the system vulnerable.
Check → Remediate
Checkselinux_state
- state:
- Enforcing
Remediateconfig_set
- path:
- /etc/selinux/config
- key:
- SELINUX
- value:
- enforcing
- separator:
- =
Framework references
CIS
rhel8 1.3.1.5rhel9 1.3.1.5rhel10 1.3.1.5
STIG
V-281251 / RHEL-10-700420V-258078V-230240
NIST 800-53
AC-3AC-25
Live verification
rhel10:checkrhel8:checkrhel9:check
#selinux#mandatory-access-control#security#stig