libopenscap8 1.2.15-1build1 / usr / share / openscap / sectool-sce / 09_selinux.sh

This file is indexed.

/usr/share/openscap/sectool-sce/09_selinux.sh is in libopenscap8 1.2.15-1build1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/bash

SELINUX_STATE=`/usr/sbin/getenforce | tr '[A-Z]' '[a-z]'`

if [[ -z "$XCCDF_VALUE_EXPECTED_STATE" ]]; then
    XCCDF_VALUE_EXPECTED_STATE="enforcing"
    echo "WARNING: Using default expected state!"
else
    XCCDF_VALUE_EXPECTED_STATE="$(echo $XCCDF_VALUE_EXPECTED_STATE | tr '[A-Z]' '[a-z]')"
fi

if [[ $SELINUX_STATE != $XCCDF_VALUE_EXPECTED_STATE ]]
then
	echo "Selinux is in "$SELINUX_STATE" state."
	echo "Expected state: "$XCCDF_VALUE_EXPECTED_STATE

	if [[ $XCCDF_VALUE_EXPECTED_STATE == "enforcing" ]]; then
	    echo "Using Enforing state is highly recommended. See selinux manual page for switching to Enforcing state."
	fi

	exit $XCCDF_RESULT_FAIL
fi

exit $XCCDF_RESULT_PASS

APT Browse - Built by Thomas Orozco.