Differences

This shows you the differences between two versions of the page.

ubuntu1604:1:1:4 [2017/05/02 00:15]
Piotr Kłoczewski created
ubuntu1604:1:1:4 [2017/05/02 12:12] (current)
Line 1: Line 1:
 ====== 1.1.4 Ensure nosuid option set on /tmp partition (Scored) ====== ====== 1.1.4 Ensure nosuid option set on /tmp partition (Scored) ======
-**Profile Applicability:** \\  +=====Profile Applicability=====   
-   +<code> 
-<note>Level 1 - Server ​\\  +Level 1 - Server  
-Level 1 - Workstation</​note+Level 1 - Workstation 
- +</code
-**Description:** \\  +=====Description===== 
-The ''​nosuid''​ mount option specifies that the filesystem cannot contain ''​setuid''​ files. ​\\ \\  +The ''​nosuid''​ mount option specifies that the filesystem cannot contain ''​setuid''​ files. 
-**Rationale:** \\  +=====Rationale===== 
-Since the ''/​tmp''​ filesystem is only intended for temporary file storage, set this option to ensure that users cannot create ''​setuid''​ files in ''/​tmp''​. ​\\ \\  +Since the ''/​tmp''​ filesystem is only intended for temporary file storage, set this option to ensure that users cannot create ''​setuid''​ files in ''/​tmp''​. 
-**Audit:** \\ +=====Audit===== 
 If a ''/​tmp''​ partition exists run the following command and verify that the ''​nosuid''​ option is set on ''/​tmp'':​ \\  If a ''/​tmp''​ partition exists run the following command and verify that the ''​nosuid''​ option is set on ''/​tmp'':​ \\ 
 <​Code:​bash>​ <​Code:​bash>​
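Review bot: The Description line kept in the new revision still says a nosuid filesystem "cannot contain" setuid files, which overstates what the option does. With nosuid the kernel ignores the set-user-ID and set-group-ID bits when a program is executed from that mount; files carrying those bits can still be present on it. Suggest wording along the lines of "setuid bits on files in this filesystem are not honored", and adjusting the Rationale line ("users cannot create setuid files in /tmp") to match. Separately, Profile Applicability is now wrapped in a code block although it is not code; a two-item list would represent "Level 1 - Server" and "Level 1 - Workstation" more accurately.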
Line 15: Line 15:
 tmpfs on /tmp type tmpfs (rw,​nosuid,​nodev,​noexec,​relatime) tmpfs on /tmp type tmpfs (rw,​nosuid,​nodev,​noexec,​relatime)
 </​Code>​ </​Code>​
-\\ +=====Remediation===== 
-**Remediation:** \\ +
 Edit the ''/​etc/​fstab''​ file and add ''​nosuid''​ to the fourth field (mounting options) for the ''/​tmp''​ partition. See the ''​fstab(5)''​ manual page for more information. \\  Edit the ''/​etc/​fstab''​ file and add ''​nosuid''​ to the fourth field (mounting options) for the ''/​tmp''​ partition. See the ''​fstab(5)''​ manual page for more information. \\ 
 Run the following command to remount ''/​tmp'': ​ Run the following command to remount ''/​tmp'': ​
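Review bot: Style point on the unchanged Remediation line ending "for more information. \\": this revision removes the forced "\\" line breaks from the converted sections, but this line and the Audit sentence before the code block still carry them. Now that each section has its own heading, drop the trailing "\\" here and separate the two Remediation sentences with a normal paragraph break so the markup is consistent across the page.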
Line 22: Line 21:
 # mount -o remount,​nosuid /tmp # mount -o remount,​nosuid /tmp
 </​Code>​ </​Code>​
-\\ \\ +=====Notes=====  
-**Notes:** \\  +''​systemd'' ​includes the ''​tmp.mount''​ service which should be used instead of configuring ''/​etc/​fstab''​. Mounting options are configured in the ''​Options''​ setting in ''/​etc/​systemd/​system/​tmp.mount''​.
-systemd includes the ''​tmp.mount''​ service which should be used instead of configuring ''/​etc/​fstab''​. Mounting options are configured in the ''​Options''​ setting in ''/​etc/​systemd/​system/​tmp.mount''​.+
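Review bot: The Notes text says tmp.mount "should be used instead of configuring /etc/fstab", yet the Remediation section above it tells the reader to edit /etc/fstab, and the revision keeps both statements without reconciling them. Suggest having Remediation state which mechanism applies when /tmp is managed by systemd, naming the Options setting in /etc/systemd/system/tmp.mount there, so that a reader who stops at Remediation does not configure the file the Notes section says to avoid.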