====== 1.1.17 Ensure nodev option set on removable media partitions (Not Scored) ======
=====Profile Applicability=====
<code>
Level 1 - Server
Level 1 - Workstation
</code>
=====Description=====
The ''nodev'' mount option specifies that the filesystem cannot contain special devices.
=====Rationale=====
Removable media containing character and block special devices could be used to circumvent security controls by allowing non-root users to access sensitive device files such as ''/dev/kmem'' or the raw disk partitions.
=====Audit=====
Run the following command and verify that the nodev option is set on all removable media partitions.
<Code:bash>
# mount
</Code>
=====Remediation=====
Edit the ''/etc/fstab'' file and add ''nodev'' to the fourth field (mounting options) of all removable media partitions. Look for entries that have mount points that contain words such as floppy or cdrom. See the ''fstab(5)'' manual page for more information.
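
The fstab check described above, as an added example that is not part of the benchmark text: the function reads an fstab-format file, selects entries whose mount point contains floppy or cdrom (the heuristic from the remediation), and prints those whose fourth field lacks the exact ''nodev'' token. The names ''REMOVABLE_RE'', ''fstab_missing_nodev'', ''sample_fstab'' and ''demo'', and the sample entries, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report removable-media fstab entries that lack nodev.
# The floppy/cdrom match is the heuristic from the remediation text;
# extending REMOVABLE_RE for site-specific mount points is an assumption.
REMOVABLE_RE='floppy|cdrom'

# fstab_missing_nodev FILE
# Prints "<mount point> <options>" for every matching entry without nodev.
fstab_missing_nodev() {
    awk -v re="$REMOVABLE_RE" '
        $1 ~ /^#/ { next }      # skip comment lines
        NF < 4    { next }      # skip blank lines and entries with no options field
        tolower($2) ~ re {
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nodev") found = 1   # exact option, not a substring
            if (!found) print $2, $4
        }
    ' "$1"
}

# Constructed sample fstab (not taken from a real system). The last entry
# carries a mistyped option to show why a substring match is not enough.
sample_fstab() {
    cat <<'EOF'
# <device>   <mount point>   <type>   <options>                <dump> <pass>
/dev/sda1    /               ext4     defaults                 1 1
/dev/sr0     /media/cdrom    iso9660  ro,noauto,nodev,nosuid   0 0
/dev/fd0     /media/floppy   auto     rw,noauto,user           0 0
/dev/sr1     /mnt/cdrom1     udf      ro,noauto,nodevice_typo  0 0
EOF
}

# Run the check against the sample and clean up the temporary file.
demo() {
    tmp=$(mktemp) || return 1
    sample_fstab > "$tmp"
    fstab_missing_nodev "$tmp"
    rm -f "$tmp"
}

demo
```

On a live system, call ''fstab_missing_nodev /etc/fstab''; empty output means every matching entry already carries ''nodev''.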