ansible-lockdown / RHEL8-STIG

Ansible role for Red Hat 8 STIG Baseline
https://ansible-lockdown.readthedocs.io
MIT License

Implement SELinux Multi-Level Security (MLS) #152

Open ccravens opened 1 year ago

ccravens commented 1 year ago

Feature Request or Enhancement

Summary of Request

SELinux has an additional Multi-Level Security option. I'd like to make a configurable option where SELinux will be installed and configured with MLS enabled: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/using-multi-level-security-mls_using-selinux

Describe alternatives you've considered

N/A

Suggested Code

I can go ahead and work on this feature, but wanted to submit an issue for feedback, and I'll follow up with a PR.

uk-bolly commented 1 year ago

Hi @ccravens

That's a very interesting enhancement. I was waiting to see if this has become a part of the latest STIG. While it doesn't appear as an option, I'd be keen to see what others feel about adding this enhancement. I will mention it in Discord also to see if this is of some use (I can see this will become a thing maybe in later releases).

Thanks as always

uk-bolly

BJSmithIEEE commented 7 months ago

The fun is coming, as elementary RBAC has been added in V-254520 / RHEL-08-040400. Let the breakage begin!

https://github.com/ansible-lockdown/RHEL8-STIG/blame/18d8335a420f91849a4e69cfe5371c15eddf9615/tasks/fix-cat2.yml#L7634

For your reading (and very likely POA&M) pleasure ...

https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-12-01/finding/V-254520