UCF STIG Viewer Logo

All device files must be monitored by the system Linux Security Module.


Finding ID Version Rule ID IA Controls Severity
V-51379 RHEL-06-000025 SV-65589r1_rule Low
If a device file carries the SELinux type "unlabeled_t", then SELinux cannot properly restrict access to the device file.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26


Check Text ( C-53719r1_chk )
To check for unlabeled device files, run the following command:

# ls -RZ /dev | grep unlabeled_t

It should produce no output in a well-configured system.

If there is output, this is a finding.
Fix Text (F-56179r1_fix)
Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files carry the SELinux type "unlabeled_t", investigate the cause and correct the file's context.