1.1.16 Ensure noexec option set on /dev/shm partition (Scored)
Profile Applicability
Level 1 - Server
Level 1 - Workstation
Description
The noexec mount option specifies that the filesystem cannot contain executable binaries.
Rationale
Setting this option on a file system prevents users from executing programs from shared memory. This deters users from introducing potentially malicious software on the system.
Audit
Run the following command and verify that the noexec option is set on /run/shm.
# mount | grep /dev/shm
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
Remediation
Edit the /etc/fstab file and add noexec to the fourth field (mounting options) for the /dev/shm partition. See the fstab(5) manual page for more information.
Run the following command to remount /dev/shm:
# mount -o remount,noexec /dev/shm
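The audit above is a manual eyeball check; the following shell helpers, added here as an example and not part of the benchmark text, make the same check scriptable by matching the mount point exactly and tokenizing the option list, so that a noexec on some other filesystem or a different mount point cannot produce a false pass. The mount point defaults to /dev/shm and can be overridden (e.g. /run/shm on systems that mount it there); the sample mount and fstab contents are constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example: scriptable audit of the noexec option on the shared-memory
# mount, checking both the live mount table and the persistent /etc/fstab entry.
# Sample inputs below are constructed for illustration, not captured from a host.

# Return 0 if the mount(8) output in $1 shows mount point $2 (default /dev/shm)
# with the noexec option, 1 otherwise. mount output has the form:
#   tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
shm_mount_has_noexec() {
    mp=${2:-/dev/shm}
    printf '%s\n' "$1" | awk -v mp="$mp" '
        $3 == mp {
            opts = $6; gsub(/[()]/, "", opts)       # strip the surrounding parens
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == "noexec") found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Return 0 if the /etc/fstab content in $1 has a non-comment entry whose second
# field is mount point $2 (default /dev/shm) and whose fourth field (options)
# contains noexec, 1 otherwise. This is the persistence check: a remount alone
# does not survive a reboot.
shm_fstab_has_noexec() {
    mp=${2:-/dev/shm}
    printf '%s\n' "$1" | awk -v mp="$mp" '
        $1 !~ /^#/ && $2 == mp {
            n = split($4, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == "noexec") found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Live audit of the current host: both checks must pass for the control to be met.
audit_shm_noexec() {
    shm_mount_has_noexec "$(mount)" "$1" && shm_fstab_has_noexec "$(cat /etc/fstab)" "$1"
}

# Constructed sample inputs. The sysfs line carries noexec too, which a naive
# "grep noexec" over the whole mount table would wrongly count as a pass.
SAMPLE_MOUNT_OK='sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)'
SAMPLE_MOUNT_BAD='sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,relatime)'
SAMPLE_FSTAB_OK='# /etc/fstab: static file system information.
UUID=0000-0000 / ext4 errors=remount-ro 0 1
tmpfs /dev/shm tmpfs defaults,noexec,nodev,nosuid 0 0'
SAMPLE_FSTAB_BAD='tmpfs /dev/shm tmpfs defaults,nodev,nosuid 0 0'
```

Run `audit_shm_noexec` (optionally with a mount point argument) on a host to get a pass/fail exit status suitable for a compliance script.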