SELinux enforcement disabled
Goal
Detect when SELinux enforcement is disabled.
Strategy
This detection monitors changes to the SELinux enforcing mode.
Triage & Response
- Check which user or process disabled SELinux enforcing mode.
- If the change is not expected, roll back by re-enabling SELinux enforcing mode.
- Investigate security signals (if present) occurring around the time of the event to establish an attack path.
- Find and repair the root cause of the attack.
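
For the first triage step, the host's own audit trail can corroborate which user and process made the change. The following is an added example, not part of the rule or of the Agent: it assumes the Linux audit subsystem is enabled and that an enforcing-mode change is logged as a `MAC_STATUS` record, with a `SYSCALL` record sharing the same event ID when syscall auditing is active. The sample log lines are constructed.

```python
import re

# Constructed sample audit records (not from a real host). Assumption: the
# kernel logs MAC_STATUS on an enforcing-mode change, and a SYSCALL record
# with the same event id names the process when syscall auditing is active.
SAMPLE_AUDIT_LOG = """\
type=MAC_STATUS msg=audit(1700000000.101:410): enforcing=1 old_enforcing=0 auid=1000 ses=3 enabled=1 old-enabled=1 lsm=selinux res=1
type=SYSCALL msg=audit(1700000000.101:410): arch=c000003e syscall=1 success=yes exit=1 ppid=2210 pid=2250 auid=1000 uid=0 comm="setenforce" exe="/usr/sbin/setenforce"
type=MAC_STATUS msg=audit(1700000300.552:987): enforcing=0 old_enforcing=1 auid=1001 ses=7 enabled=1 old-enabled=1 lsm=selinux res=1
type=SYSCALL msg=audit(1700000300.552:987): arch=c000003e syscall=1 success=yes exit=1 ppid=3001 pid=3050 auid=1001 uid=0 comm="bash" exe="/usr/bin/bash"
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse(line):
    """Split one audit record into (type, timestamp, event id, fields)."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(4))}
    return m.group(1), m.group(2), m.group(3), fields

def find_enforcement_disabled(log_text):
    """Return one finding per enforcing 1 -> 0 transition, with its actor."""
    by_event = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            rtype, stamp, event_id, fields = rec
            by_event.setdefault((stamp, event_id), {})[rtype] = fields
    findings = []
    for (stamp, event_id), recs in sorted(by_event.items()):
        mac = recs.get("MAC_STATUS")
        # Only report enforcing -> permissive; re-enabling is not a finding.
        if not mac or (mac.get("old_enforcing"), mac.get("enforcing")) != ("1", "0"):
            continue
        sc = recs.get("SYSCALL", {})  # may be absent; actor fields stay None
        findings.append({"time": stamp, "event": event_id,
                         "auid": mac.get("auid"), "uid": sc.get("uid"),
                         "pid": sc.get("pid"), "exe": sc.get("exe")})
    return findings

if __name__ == "__main__":
    for finding in find_enforcement_disabled(SAMPLE_AUDIT_LOG):
        print(finding)
```

The `auid` field is the login UID, so it still identifies the original account when the change was made after switching to root.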
Requires Agent version 7.30 or greater