← Rules Catalog
mediumsystemverified rollback-safe

Set SELinux policy to targeted

selinux-policy-targeted · RHEL ≥ 8 · 1 impl

Description

SELinux must use the targeted policy type to provide appropriate mandatory access control for system services.

Rationale

The targeted policy confines network-facing services while allowing most user processes to run unconfined. This provides a practical balance of security and usability.

Check → Remediate

Checkconfig_value
path:
/etc/selinux/config
key:
SELINUXTYPE
expected:
targeted
Remediateconfig_set
path:
/etc/selinux/config
key:
SELINUXTYPE
value:
targeted
separator:
=

Framework references

CIS

rhel8 1.3.1.3rhel9 1.3.1.3rhel10 1.3.1.3

STIG

V-258079V-230282 / RHEL-08-010450V-281249 / RHEL-10-700400

NIST 800-53

AC-3

Live verification

rhel10:checkrhel8:checkrhel9:check
#selinux#policy#mandatory-access-control#stig