Workload misconfigurations

Ensure that, if applicable, SELinux security options are set (Automated)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

SELinux is an effective and easy-to-use Linux application security system. It is available by default on some distributions such as Red Hat and Fedora.
Recommended Mitigation

If SELinux is applicable for your Linux OS, you should use it.

  1. Set the SELinux State.
  2. Set the SELinux Policy.
  3. Create or import a SELinux policy template for Docker containers.
  4. Start Docker in daemon mode with SELinux enabled. For example:
       docker daemon --selinux-enabled
     or add the following to the daemon.json configuration file:
       { "selinux-enabled": true }
  5. Start your Docker container using the security options. For example:
       docker run --interactive --tty --security-opt label=level:TopSecret centos /bin/bash
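
An audit-side check for steps 4 and 5, added here as an example (it is not part of the original page or of Docker's tooling): it reads daemon.json text and `docker inspect` JSON and reports, per container, whether SELinux label options are set, unset or explicitly disabled. The sample inputs are constructed and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = """[
 {"Name": "/web",   "HostConfig": {"SecurityOpt": ["label=level:TopSecret"]}},
 {"Name": "/batch", "HostConfig": {"SecurityOpt": ["label=disable"]}},
 {"Name": "/cache", "HostConfig": {"SecurityOpt": null}}
]"""
# Constructed sample: daemon.json carrying the setting from step 4.
SAMPLE_DAEMON_JSON = '{"selinux-enabled": true}'

LABEL_KEYS = {"user", "role", "type", "level"}

def daemon_selinux_enabled(daemon_json_text):
    """True only if daemon.json parses and sets selinux-enabled to true."""
    try:
        cfg = json.loads(daemon_json_text or "{}")
    except json.JSONDecodeError:
        return False
    return isinstance(cfg, dict) and cfg.get("selinux-enabled") is True

def label_status(container):
    """Classify one inspect record as 'set', 'disabled' or 'unset'."""
    opts = (container.get("HostConfig") or {}).get("SecurityOpt") or []
    status = "unset"
    for opt in opts:
        # Accept both "label=..." and the older "label:..." separator.
        if not opt.startswith(("label=", "label:")):
            continue
        value = opt[len("label="):]
        if value == "disable":
            return "disabled"  # labeling explicitly turned off for this container
        if value.split(":", 1)[0] in LABEL_KEYS:
            status = "set"
    return status

def audit(inspect_json_text, daemon_json_text):
    """Return (daemon_enabled, {container_name: status})."""
    containers = json.loads(inspect_json_text)
    results = {c.get("Name", "?").lstrip("/"): label_status(c) for c in containers}
    return daemon_selinux_enabled(daemon_json_text), results

if __name__ == "__main__":
    enabled, results = audit(SAMPLE_INSPECT, SAMPLE_DAEMON_JSON)
    print("daemon selinux-enabled:", enabled)
    for name, status in sorted(results.items()):
        print(f"{name}: {status}")
```

On a real host, feed it the output of `docker inspect` for the containers under review and the contents of the daemon's daemon.json.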