STIG: Rule xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons fails on PCP processes
Issue
- Evaluation of the system with CIS Server-L1 Profile fails on the following rule:

    Title   Ensure No Daemons are Unconfined by SELinux
    Rule    xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons
    Ident   CCE-80867-5
    Result  fail

- Searching for unconfined_service_t processes, 2 processes that are part of PCP services are found:

    # ps -eafZ | grep unconfined_service_t
    system_u:system_r:unconfined_service_t:s0 pcp 2673 1 [...] /usr/libexec/pcp/bin/pmpause
    system_u:system_r:unconfined_service_t:s0 pcp 2853 1 [...] /usr/libexec/pcp/bin/pmpause

    # grep "name=systemd" /proc/{2673,2853}/cgroup
    /proc/2673/cgroup:1:name=systemd:/system.slice/pmie_farm.service
    /proc/2853/cgroup:1:name=systemd:/system.slice/pmlogger_farm.service
Note: PIDs may vary.
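The two manual steps above, combined into one script as an added example (not part of the original article or of any Red Hat tooling). The function names are hypothetical and the sample input is constructed. It goes beyond the article's output by also accepting the cgroup v2 `0::` line, which hosts using the unified cgroup hierarchy show instead of `name=systemd`.

```shell
#!/bin/bash
# Added example, not from the original article: list unconfined_service_t
# processes with the systemd unit that started them.

# stdin:  "PID LABEL" lines as printed by `ps -eo pid=,label=`.
# stdout: PIDs whose SELinux type (third context field) is unconfined_service_t.
unconfined_pids() {
    awk '{ split($2, ctx, ":"); if (ctx[3] == "unconfined_service_t") print $1 }'
}

# stdin:  contents of /proc/PID/cgroup; stdout: the systemd unit name.
# Accepts the cgroup v1 line shown in the article ("1:name=systemd:/...")
# and the cgroup v2 unified line ("0::/...").
unit_from_cgroup() {
    awk '/^[0-9]+:name=systemd:/ || /^0::/ {
        sub(/^[^:]*:[^:]*:/, "")        # drop "ID:controller:", keep the path
        n = split($0, part, "/")
        print part[n]                   # last path component is the unit
        exit
    }'
}

# Live report: one "PID<TAB>UNIT<TAB>COMMAND" line per unconfined daemon.
report() {
    ps -eo pid=,label= | unconfined_pids | while read -r pid; do
        [ -r "/proc/$pid/cgroup" ] || continue   # process exited in the meantime
        printf '%s\t%s\t%s\n' "$pid" \
            "$(unit_from_cgroup < "/proc/$pid/cgroup")" \
            "$(tr '\0' ' ' < "/proc/$pid/cmdline")"
    done
}

# Constructed sample input (PIDs and units mirror the article's output).
SAMPLE_PS='2673 system_u:system_r:unconfined_service_t:s0
2853 system_u:system_r:unconfined_service_t:s0
 901 system_u:system_r:sshd_t:s0-s0:c0.c1023'
SAMPLE_CGROUP_V1='12:pids:/system.slice/pmie_farm.service
1:name=systemd:/system.slice/pmie_farm.service'
SAMPLE_CGROUP_V2='0::/system.slice/pmlogger_farm.service'

if [ "${1:-}" = "--live" ]; then
    report
else
    printf '%s\n' "$SAMPLE_PS" | unconfined_pids
    printf '%s\n' "$SAMPLE_CGROUP_V1" | unit_from_cgroup
    printf '%s\n' "$SAMPLE_CGROUP_V2" | unit_from_cgroup
fi
```

Run with `--live` as root to report on the running system; without arguments it only processes the constructed samples.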
Environment
- Red Hat Enterprise Linux 8 and 9
- PCP
- DISA/STIG CIS Server-L1 compliance