As part of the latest RHEL 7 STIG update referenced in #3370, a new rule has been added. Information about the rule is outlined below:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide :: Release: 1 Benchmark Date: 27 Jul 2018
Vuln ID: V-81009
Rule ID: SV-95721r1_rule
STIG ID: RHEL-07-021022
Severity: CAT III
Check Reference: M
Classification: Unclass
Group Title: SRG-OS-000368-GPOS-00154
Rule Title: The Red Hat Enterprise Linux operating system must mount /dev/shm with the nodev option.
Discussion: The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
Check Text: Verify that the "nodev" option is configured for /dev/shm.
Check that the operating system is configured to use the "nodev" option for /dev/shm with the following command:
If the "nodev" option is not present on the line for "/dev/shm", this is a finding.
Verify "/dev/shm" is mounted with the "nodev" option:
# mount | grep "/dev/shm" | grep nodev
If no results are returned, this is a finding.
Fix Text: Configure the "/etc/fstab" to use the "nodev" option for all lines containing "/dev/shm".
References
CCI: CCI-001764: The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage.
NIST SP 800-53 Revision 4 :: CM-7 (2)
This rule verifies a default setting in RHEL 7 - mounting /dev/shm with the nodev option. A rule should be added to the DISA STIG profile in SSG to ensure that the default behavior is maintained. There is a Red Hat KB article outlining how to change the options for /dev/shm at https://access.redhat.com/solutions/1384183. Adding the rule will ensure that the default behavior is enforced.
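Added example (not part of the issue, the STIG text, or the SSG code base): a field-aware version of the check for RHEL-07-021022 that parses fstab-format input instead of chaining `grep`, so commented-out lines and mount points that merely begin with `/dev/shm` are not counted. The function name `shm_nodev_status` and the sample files are constructed for illustration; on a host it would be pointed at `/etc/fstab` and at `/proc/mounts`, which uses the same field layout.

```shell
#!/bin/sh
# Added example: field-aware nodev check for /dev/shm (RHEL-07-021022).
# Input is fstab-format text: /etc/fstab, or /proc/mounts for the live state.

# shm_nodev_status FILE
#   returns 0 if every /dev/shm entry lists nodev as a mount option,
#           1 if any /dev/shm entry lacks it (a finding),
#           2 if FILE has no /dev/shm entry at all.
shm_nodev_status() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }          # comments, blank or short lines
        $2 == "/dev/shm" {                    # exact mount point, not a prefix
            seen = 1; ok = 0
            n = split($4, opts, ",")          # field 4 = comma-separated options
            for (i = 1; i <= n; i++) if (opts[i] == "nodev") ok = 1
            if (!ok) bad = 1
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/compliant" <<'EOF'
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
EOF

# The only "nodev" strings are in a comment and on /dev/shm-cache, so a
# plain grep for "/dev/shm" and "nodev" would report no finding here.
cat > "$SAMPLE_DIR/finding" <<'EOF'
# tmpfs /dev/shm tmpfs defaults,nodev 0 0
tmpfs /dev/shm tmpfs defaults,nosuid 0 0
tmpfs /dev/shm-cache tmpfs rw,nodev 0 0
EOF

cat > "$SAMPLE_DIR/absent" <<'EOF'
/dev/mapper/rhel-root / xfs defaults 0 0
EOF

for f in compliant finding absent; do
    rc=0
    shm_nodev_status "$SAMPLE_DIR/$f" || rc=$?
    echo "$f: status $rc"
done
```

Status 2 is kept separate from a pass because an fstab without a `/dev/shm` line relies on the default mount options rather than stating them.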