{"description": "SELinux is a feature of the Linux kernel which can be\nused to guard against misconfigured or compromised programs.\nSELinux enforces the idea that programs should be limited in what\nfiles they can access and what actions they can take.\n<br /><br />\nThe default SELinux policy, as configured on Ubuntu 22.04, has been\nsufficiently developed and debugged that it should be usable on\nalmost any system with minimal configuration and a small\namount of system administrator training. This policy prevents\nsystem services - including most of the common network-visible\nservices such as mail servers, FTP servers, and DNS servers - from\naccessing files which those services have no valid reason to\naccess. This action alone prevents a huge amount of possible damage\nfrom network attacks against services, from trojaned software, and\nso forth.\n<br /><br />\nThis guide recommends that SELinux be enabled using the\ndefault (targeted) policy on every Ubuntu 22.04 system, unless that\nsystem has unusual requirements which make a stronger policy\nappropriate.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_selinux_policy_name", "var_selinux_state"], "groups": ["selinux-booleans"], "rules": ["coreos_enable_selinux_kernel_argument", "directory_groupowner_etc_selinux", "directory_owner_etc_selinux", "directory_permissions_etc_selinux", "file_groupowner_etc_sestatus_conf", "file_owner_etc_sestatus_conf", "file_permissions_etc_sestatus_conf", "grub2_enable_selinux", "package_libselinux_installed", "package_mcstrans_removed", "package_policycoreutils-python-utils_installed", "package_policycoreutils_installed", "package_setroubleshoot-plugins_removed", "package_setroubleshoot-server_removed", "package_setroubleshoot_removed", "selinux_all_devicefiles_labeled", "selinux_confine_to_least_privilege", "selinux_confinement_of_daemons", "selinux_context_elevation_for_sudo", "selinux_not_disabled", "selinux_policytype", "selinux_state", "selinux_user_login_roles"], "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "title": "SELinux", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/selinux/group.yml"}