Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-51379 | RHEL-06-000025 | SV-65589r1_rule | Low |
Description |
---|
If a device file carries the SELinux type "unlabeled_t", then SELinux cannot properly restrict access to the device file. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2018-03-01 |
Check Text ( C-53719r1_chk ) |
---|
To check for unlabeled device files, run the following command: # ls -RZ /dev | grep unlabeled_t It should produce no output in a well-configured system. If there is output, this is a finding. |
Fix Text (F-56179r1_fix) |
---|
Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files carry the SELinux type "unlabeled_t", investigate the cause and correct the file's context. |