1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
documentation_complete: true
title: Verify Group Who Owns /etc/selinux Directory
description: '{{{ describe_file_group_owner(file="/etc/selinux", group="root") }}}'
rationale: |-
The ownership of the /etc/selinux directory by the root group is important
because this directory hosts SELinux configuration. Protection of this
directory is critical for system security. Assigning the ownership to root
ensures exclusive control of the SELinux configuration.
severity: medium
identifiers:
cce@rhel8: CCE-86273-0
cce@rhel9: CCE-86274-8
cce@rhel10: CCE-87637-5
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/selinux", group="root") }}}'
ocil: |-
{{{ ocil_file_group_owner(file="/etc/selinux", group="root") }}}
fixtext: '{{{ fixtext_file_group_owner(file="/etc/selinux", group="root") }}}'
srg_requirement: '{{{ srg_requirement_file_group_owner(file="/etc/selinux", group="root") }}}'
template:
name: file_groupowner
vars:
filepath: /etc/selinux/
gid_or_name: root
|
