<  Back to rules search

SELinux enforcement disabled

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1562-impair-defenses

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when SELinux enforcement is disabled.

Strategy

This detection monitors the change of SELinux enforcing mode.

Triage & Response

  1. Check which user or process disabled SELinux enforcing mode.
  2. If the change is not expected, roll back to enable SELinux enforcing mode.
  3. Investigate security signals (if present) occurring around the time of the event to establish an attack path.
  4. Find and repair the root cause of the attack.

Requires Agent version 7.30 or greater