Closed ghunsl closed 1 year ago
Likewise, for CIS v3.1.2 Level 1 Server for CentOS 7.
ps -eZ | grep unconfined_service_t
system_u:system_r:unconfined_service_t:s0 1279 ? 00:00:00 amazon-ssm-agen
system_u:system_r:unconfined_service_t:s0 1359 ? 00:00:00 ssm-agent-worke
Installed version
amazon-ssm-agent.x86_64 3.1.1004.0-1
Official SELinux https://github.com/aws/amazon-ssm-agent-selinux. Note: this is for Amazon Linux at this point.
We have created a feature request to support other Linux flavors, including RHEL 7. Please note that we have a backlog of feature requests. We'll prioritize and work on those requests as they come in.
amazon-ssm-agent is running in the unconfined_service_t domain, which is a violation according to the latest CIS document (i.e. CIS v3.1.1 for RHEL7 - section 1.6.1.6 Ensure no unconfined services exist). SELinux policies or settings are required for amazon-ssm-agent to make it run in its own confined space.
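
The audit discussed in this thread (listing processes that run in unconfined_service_t), as an added example that is not part of the original issue or of the amazon-ssm-agent project. It matches the SELinux type field exactly instead of grepping the whole line; the function names and the sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report processes whose SELinux type is unconfined_service_t.
# Input format is that of `ps -eZ`: LABEL PID TTY TIME CMD.

# Constructed sample: the two lines quoted in this thread plus confined
# processes and an interactive shell (unconfined_t is not a service domain).
sample_ps_output() {
cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:03 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1102 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2201 pts/0 00:00:00 bash
system_u:system_r:unconfined_service_t:s0 1279 ? 00:00:00 amazon-ssm-agen
system_u:system_r:unconfined_service_t:s0 1359 ? 00:00:00 ssm-agent-worke
EOF
}

# find_unconfined_services: reads `ps -eZ` output on stdin.
# Prints "PID CMD" for each offending process; exit status 1 if any exist.
find_unconfined_services() {
  awk '
    NR == 1 && $1 == "LABEL" { next }          # skip the header row
    {
      # A context is user:role:type:level. The level may contain colons
      # (s0-s0:c0.c1023), so only the third field is read as the type.
      n = split($1, ctx, ":")
      if (n >= 3 && ctx[3] == "unconfined_service_t") {
        cmd = $5
        for (i = 6; i <= NF; i++) cmd = cmd " " $i   # command names may contain spaces
        print $2, cmd
        found = 1
      }
    }
    END { exit found ? 1 : 0 }
  '
}

# Demo on the constructed sample; on a live host use:
#   ps -eZ | find_unconfined_services
sample_ps_output | find_unconfined_services || echo "unconfined services present"
```

A non-zero exit status means at least one service is still running unconfined, so the function can be used directly as a compliance check in a hardening pipeline.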