by ruthmarx
656 days ago
I've never seen SELinux as a requirement for any auditing, and I've done a fair amount of auditing. It's not the only project like it, it's the one that is most well known because it has the NSA attached and because it got incorporated into the main kernel. It works in practice, absolutely, but most people are too intimidated or lazy to put in the effort to learn it.
I couldn't find it in the Debian spec (probably because it uses AppArmor), but the RHEL benchmark has these.
Currently, server level 1 only requires permissive mode:
https://www.tenable.com/audits/items/CIS_Red_Hat_Enterprise_...
... While server level 2 specifies enforcing mode: https://www.tenable.com/audits/items/CIS_Red_Hat_Enterprise_...