Differences

This shows you the differences between two versions of the page.

ubuntu1604:1:1:3 [2017/05/02 00:10]
Piotr Kłoczewski created
ubuntu1604:1:1:3 [2017/05/02 12:11]
Line 1: Line 1:
-====== 1.1.3 Ensure nodev option set on /tmp partition (Scored) ====== 
-**Profile Applicability:​** \\  
-  ​ 
-<​note>​Level 1 - Server \\  
-Level 1 - Workstation</​note>​ 
  
-**Description:​** \\  
-The ''​nodev''​ mount option specifies that the filesystem cannot contain special devices. \\ \\  
-**Rationale:​** \\  
-Since the ''/​tmp''​ filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in ''/​tmp''​. \\ \\  
-**Audit:** \\  
-If a ''/​tmp''​ partition exists run the following command and verify that the nodev option is set on ''/​tmp'':​ \\  
-<​Code:​bash>​ 
-# mount | grep /tmp  
-tmpfs on /tmp type tmpfs (rw,​nosuid,​nodev,​noexec,​relatime) 
-</​Code>​ 
-\\ 
-**Remediation:​** \\  
-Edit the ''/​etc/​fstab''​ file and add ''​nodev''​ to the fourth field (mounting options) for the ''/​tmp''​ partition. See the ''​fstab(5)''​ manual page for more information. \\  
-Run the following command to remount ''/​tmp'':​\\ ​ 
-<​Code:​bash>​ 
-# mount -o remount,​nodev /tmp 
-</​Code>​ 
-\\ 
-**Notes:** \\  
-systemd includes the ''​tmp.mount''​ service which should be used instead of configuring ''/​etc/​fstab''​. Mounting options are configured in the ''​Options''​ setting in ''/​etc/​systemd/​system/​tmp.mount''​.
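
Review bot: every line of this hunk is a removal and no added lines are visible, so the newer revision drops the whole 1.1.3 entry (description, rationale, audit, remediation, notes) without a replacement or a pointer to where it moved; restore the text or link its new location. If the entry is being rewritten, two points in the removed text are worth fixing when it comes back. The audit command "mount | grep /tmp" also matches any other mount whose path contains /tmp, such as /var/tmp, so the match should be anchored on the /tmp mount point itself. The Remediation only describes editing /etc/fstab, while the Notes say tmp.mount should be used instead, so the remediation should also cover the Options setting in /etc/systemd/system/tmp.mount.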