1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
documentation_complete: true
title: Verify User Who Owns /etc/selinux Directory
description: '{{{ describe_file_owner(file="/etc/selinux", owner="root") }}}'
rationale: |-
The ownership of the /etc/selinux directory by the root user is important
because this directory hosts SELinux configuration. Protection of this
directory is critical for system security. Assigning the ownership to root
ensures exclusive control of the SELinux configuration.
severity: medium
identifiers:
cce@rhel8: CCE-86270-6
cce@rhel9: CCE-86271-4
cce@rhel10: CCE-89309-9
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/selinux", owner="root") }}}'
ocil: |-
{{{ ocil_file_owner(file="/etc/selinux", owner="root") }}}
fixtext: '{{{ fixtext_file_owner(file="/etc/selinux", owner="root") }}}'
srg_requirement: '{{{ srg_requirement_file_owner(file="/etc/selinux", owner="root") }}}'
template:
name: file_owner
vars:
filepath: /etc/selinux/
uid_or_name: '0'
|
