1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
documentation_complete: true
title: 'Disable the selinuxuser_execstack SELinux Boolean'
description: |-
By default, the SELinux boolean <tt>selinuxuser_execstack</tt> is enabled.
This setting should be disabled as unconfined executables should not be able
to make their stack executable.
{{{ describe_sebool_disable(sebool="selinuxuser_execstack") }}}
rationale: |-
Disabling code execution from the stack blocks buffer overflow attacks.
severity: medium
identifiers:
cce@rhel8: CCE-80951-7
cce@rhel9: CCE-84089-2
cce@rhel10: CCE-87842-1
cce@sle12: CCE-91578-5
cce@sle15: CCE-91422-6
references:
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3),164.308(a)(4),164.310(b),164.310(c),164.312(a),164.312(e)
{{{ complete_ocil_entry_sebool_disabled(sebool="selinuxuser_execstack") }}}
template:
name: sebool
vars:
seboolid: selinuxuser_execstack
|
