You can file an issue about it and ask that it be added.

• SELinux
  • Ensure SELinux state is enforcing
  • Ensure SELinux not disabled in /etc/default/grub
  • Ensure no daemons are unconfined by SELinux
  • Uninstall mcstrans package

SELinux is a feature of the Linux kernel which can be used to guard against misconfigured or compromised programs. SELinux enforces the idea that programs should be limited in what files they can access and what actions they can take.

Setting the SELinux state to enforcing ensures SELinux is able to confine potentially compromised processes to the security policy, which is designed to prevent them from causing damage to the system or further elevating their privileges.

# Edit /etc/selinux/config:
SELINUX=enforcing

^{C2S/CIS: CCE-27334-2 (High)}

Disabling a major host protection feature, such as SELinux, at boot time prevents it from confining system services at boot time. Further, it increases the chances that it will remain off during system operation.

# Remove from /etc/default/grub:
selinux=0

^{C2S/CIS: CCE-26961-3 (Medium)}

Daemons which run with the initrc_t context may cause AVC denials, or allow privileges that the daemon does not require.

ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'

^{C2S/CIS: CCE-27288-0 (Medium)}

Since this service is not used very often, disable it to reduce the amount of potentially vulnerable code running on the system. NOTE: This rule was added in support of the CIS RHEL6 v1.2.0 benchmark. Please note that Red Hat does not feel this rule is security relevant.

yum erase mcstrans

^{C2S/CIS: CCE-80445-0 (Unknown)}