Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
ubuntu1604:1:1:17 [2017/05/02 12:36]
Piotr Kłoczewski utworzono
ubuntu1604:1:1:17 [2017/05/04 18:51]
Piotr Kłoczewski [Audit]
Line 10: Line 10:
 Removable media containing character and block special devices could be used to circumvent security controls by allowing non-root users to access sensitive device files such as ''/​dev/​kmem''​ or the raw disk partitions. Removable media containing character and block special devices could be used to circumvent security controls by allowing non-root users to access sensitive device files such as ''/​dev/​kmem''​ or the raw disk partitions.
 =====Audit===== ​ =====Audit===== ​
-Run the following command and verify that the nodev option is set on all removable media partitions.+Run the following command and verify that the ''​nodev'' ​option is set on all removable media partitions.
 <​Code:​bash>​ <​Code:​bash>​
-#mount+# mount
 </​Code>​ </​Code>​
 =====Remediation===== ​ =====Remediation===== ​
 Edit the ''/​etc/​fstab''​ file and add ''​nodev''​ to the fourth field (mounting options) of all removable media partitions. Look for entries that have mount points that contain words such as floppy or cdrom. See the ''​fstab(5)''​ manual page for more information. Edit the ''/​etc/​fstab''​ file and add ''​nodev''​ to the fourth field (mounting options) of all removable media partitions. Look for entries that have mount points that contain words such as floppy or cdrom. See the ''​fstab(5)''​ manual page for more information.