Cheat Sheets

Security - SELinux enabled

Description

Uses 'sestatus' to check if SELinux is enabled. Checks grub.cfg for not having selinux=0.

Tags

  • CCE-26956-3
  • CCE-26969-6

Check Script: security-selinux-enabled.sh

if ! sestatus 2>/dev/null | grep -q enabled; then
	result_failed "sestatus does not report 'enabled'"
fi

if grep -q "^[[:space:]]*[^#]selinux=0" /boot/grub/grub.cfg; then result_failed "SELinux disabled in grub.cfg" fi