diff --git a/defaults/main.yml b/defaults/main.yml
index 0b66a03..36ad9c9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
-# defaults file for ensure_selinux
\ No newline at end of file
+# defaults file for ensure_selinux
+selinux_policy: 'targeted'
+selinux_state: 'enforcing'
+
diff --git a/tasks/main.yml b/tasks/main.yml
index 45905b8..45ba7d7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,12 @@
 ---
-# tasks file for ensure_selinux
\ No newline at end of file
+# tasks file for ensure_selinux
+- name: 'Ensure SELinux is enforcing'
+  ansible.posix.selinux:
+    policy: '{{ selinux_policy }}'
+    state: '{{ selinux_state }}'
+  register: 'results'
+- name: 'Reboot if required'
+  when:
+    - results.reboot_required
+  reboot:
+