Profile Applicability:
 • Level 1

Description:
 SETroubleshoot is a tool that provides detailed SELinux alerts and troubleshooting information. While useful for debugging, it can expose sensitive information and increase the attack surface if installed on production systems where such detail is unnecessary.

Rationale:
 Removing or not installing SETroubleshoot reduces potential information leakage and minimizes exposure to SELinux-related vulnerabilities.

Impact:
 Pros:

  • Reduces attack surface by eliminating unnecessary packages.

  • Limits exposure of sensitive SELinux alert information.

 Cons:

  • May reduce the ability to quickly troubleshoot SELinux issues.

Default Value:
 SETroubleshoot may be installed by default on some SELinux-enabled distributions.

Pre-requisites:

  • Root or sudo privileges to manage installed packages.

Remediation:

Test Plan:

Using Linux command line:

1. Check if SETroubleshoot is installed:

rpm -q setroubleshoot

2. Confirm that the package is not installed.

Implementation Plan:

Using Linux command line:

1. Remove SETroubleshoot if installed:

yum remove setroubleshoot -y

2. Verify removal:

rpm -q setroubleshoot

Backout Plan:

Using Linux command line:

1. Reinstall SETroubleshoot if needed:

yum install setroubleshoot -y

2. Verify installation:

rpm -q setroubleshoot

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • SELinux Project Documentation