diff --git a/benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md b/benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md new file mode 100644 index 0000000000000000000000000000000000000000..1876f51c201fa23dee1c0900bca921ebd64b725a --- /dev/null +++ b/benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md @@ -0,0 +1,36 @@ +# 5.9 确保SETroubleshoot被卸载 + +## 安全等级 + +- Level 1 + +## 描述 + +SETroubleshoot服务通过用户友好的界面通知桌面用户SELinux拒绝服务。该服务提供关于配置错误的重要信息以及未经授权的入侵和其他潜在错误。 + +## 修复建议 + +目标:确保SETroubleshoot被卸载 + +1. 运行以下命令卸载setroubleshoot。 + +```bash +# dnf remove setroubleshoot -y +``` + +## 扫描检测 + +验证setroubleshoot是否安装 + +1. 运行以下命令以检测是否安装 setroubleshoot。 + +```bash +# rpm -q setroubleshoot +package setroubleshoot is not installed +``` + +输出结果为`package setroubleshoot is not installed`则表示未安装setroubleshoot。 + +## 参考 + +- cis: \ No newline at end of file diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md index 5d6a607631b1959f5b92ed63ed30a3c713d0b2a2..0c20f36a362b02198d92bc327272b38a312ab433 100644 --- a/docs/summary-of-rules.md +++ b/docs/summary-of-rules.md 
@@ -183,4 +183,5 @@ | 5.5 | 5.5-ensure-no-unconfined-services-exist.md | 5.5 确保没有未限制的服务存在 | benchmarks/mandatory-access-control | 4 | | 5.6 | 5.6-use-selinux-for-separation-of-powers-user-created.md | 5.6 使用SELinux实现三权分离-用户创建 | benchmarks/mandatory-access-control | 4 | | 5.7 | 5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration.md | 5.7 使用SELinux实现三权分离-系统管理员登录权限配置 | benchmarks/mandatory-access-control | 4 | -| 5.8 | 5.8-create-common-audit-and-security-users.md | 5.8 创建普通、审计、安全用户 | benchmarks/mandatory-access-control | 2 | \ No newline at end of file +| 5.8 | 5.8-create-common-audit-and-security-users.md | 5.8 创建普通、审计、安全用户 | benchmarks/mandatory-access-control | 2 | +| 5.9 | 5.9-ensure-setroubleshoot-is-not-installed.md | 5.9 确保setroubleshoot被卸载 | benchmarks/mandatory-access-control | 1 | \ No newline at end of file diff --git a/remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh b/remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh new file mode 100644 index 0000000000000000000000000000000000000000..9f67a73b853936c24b3f365538fa3d49dcf3ea3e --- /dev/null +++ b/remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh @@ -0,0 +1 @@ +dnf remove -y setroubleshoot diff --git a/scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh b/scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh new file mode 100644 index 0000000000000000000000000000000000000000..44763208e61562cf4517846ed691b82e3ec84c27 --- /dev/null +++ b/scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +result=false + +rpm -q setroubleshoot | grep -Psiq "^package\s+setroubleshoot\s+is\s+not\s+installed$" && result=true + +if [ "$result" = true ]; then + echo "pass" +else + echo "fail" +fi
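Review bot: In benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md, the last line of the `## 参考` section is `- cis:` with no value, so the rule cites no source; fill in the CIS reference or drop the empty bullet. The `## 描述` section says what the service reports but gives no reason for removing it, which a reader of a "not installed" rule needs. The file also ends without a trailing newline.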
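Review bot: The new 5.9 row in docs/summary-of-rules.md gives the title as `5.9 确保setroubleshoot被卸载`, while the heading of the benchmark file added in this patch is `# 5.9 确保SETroubleshoot被卸载`; use one casing in both places so the summary matches the rule it indexes. The file still has no newline after its last row, now the 5.9 row.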
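Review bot: remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh consists of the single line `dnf remove -y setroubleshoot` with no shebang, unlike the scanner added in the same patch, which starts with `#!/usr/bin/env bash`; add the same first line so the script runs under a known interpreter when executed directly. The benchmark document writes the command as `dnf remove setroubleshoot -y`; keeping the argument order identical in both places makes the two easier to compare.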
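Review bot: In scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh, the `rpm -q setroubleshoot | grep -Psiq ...` line matches the English text `package setroubleshoot is not installed`, so on a host with a non-English locale rpm may print a translated message and the scanner would report `fail` for a system where the package is absent. Run the query as `LC_ALL=C rpm -q setroubleshoot` so the message text is fixed. The `result` variable and the `if` block can then stay as they are, or be reduced to a single `&& echo "pass" || echo "fail"` after the grep.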