mediumsystemverified ✓rollback-safe
Set SELinux policy to targeted
selinux-policy-targeted · RHEL ≥ 8 · 1 impl
Description
SELinux must use the targeted policy type to provide appropriate mandatory access control for system services.
Rationale
The targeted policy confines network-facing services while allowing most user processes to run unconfined. This provides a practical balance of security and usability.
Check → Remediate
Checkconfig_value
- path:
- /etc/selinux/config
- key:
- SELINUXTYPE
- expected:
- targeted
Remediateconfig_set
- path:
- /etc/selinux/config
- key:
- SELINUXTYPE
- value:
- targeted
- separator:
- =
Framework references
CIS
rhel8 1.3.1.3rhel9 1.3.1.3rhel10 1.3.1.3
STIG
V-258079V-230282 / RHEL-08-010450V-281249 / RHEL-10-700400
NIST 800-53
AC-3
Live verification
rhel10:checkrhel8:checkrhel9:check
#selinux#policy#mandatory-access-control#stig