Check SELINUX enforced


When I try to run an NMAP scan from a scanpoint placed on a RHEL7 server, it fails because SELINUX is enforced in /etc/selinux/config, this setting is part of our CIS baseline.

My question is, why this check, what is the problem running NMAP with SELINUX enforced ?

Thanks in advance :slight_smile:

Have you verified that all ERRATAS are in place on this RHEL7 endpoint?

No, because it fails due to a check made in the action code, see below :

continue if {not exists file “/etc/selinux/config” whose (exists line whose (it as lowercase = “selinux=enforcing”) of it)}