This shows you the differences between two versions of the page.

Link to this comparison view

ubuntu1604:1:1:19 [2017/05/02 12:47] (current)
Piotr Kłoczewski utworzono
Line 1: Line 1:
 +====== 1.1.19 Ensure noexec option set on removable media partitions (Not Scored) ====== 
 +=====Profile Applicability===== ​  
 +Level 1 - Server  
 +Level 1 - Workstation 
 +The ''​noexec''​ mount option specifies that the filesystem cannot contain executable binaries. 
 +Setting this option on a file system prevents users from executing programs from the removable media. This deters users from being able to introduce potentially malicious software on the system. 
 +Run the following command and verify that the ''​noexec''​ option is set on all removable media partitions. 
 +# mount 
 +Edit the ''/​etc/​fstab''​ file and add ''​noexec''​ to the fourth field (mounting options) of all removable media partitions. Look for entries that have mount points that contain words such as floppy or cdrom. See the ''​fstab(5)''​ manual page for more information.