UCF STIG Viewer Logo

All device files must be monitored by the system Linux Security Module.


Finding ID Version Rule ID IA Controls Severity
V-217864 RHEL-06-000025 SV-217864r505923_rule Low
If a device file carries the SELinux type "unlabeled_t", then SELinux cannot properly restrict access to the device file.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19345r376607_chk )
To check for unlabeled device files, run the following command:

# ls -RZ /dev | grep unlabeled_t

It should produce no output in a well-configured system.

If there is output, this is a finding.
Fix Text (F-19343r376608_fix)
Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files carry the SELinux type "unlabeled_t", investigate the cause and correct the file's context.