Check: OL6-00-000270
Oracle Linux 6 STIG:
OL6-00-000270
(in versions v2 r7 through v1 r9)
Title
Remote file systems must be mounted with the nosuid option. (Cat II impact)
Discussion
NFS mounts should not present suid binaries to users. Only vendor-supplied suid executables should be installed to their default location on the local filesystem.
Check Content
To verify the "nosuid" option is configured for all NFS mounts, run the following command: $ mount | grep nfs All NFS mounts should show the "nosuid" setting in parentheses, along with other mount options. If the setting does not show, this is a finding.
Fix Text
Add the "nosuid" option to the fourth column of "/etc/fstab" for the line which controls mounting of any NFS mounts.
Additional Identifiers
Rule ID: SV-209009r793730_rule
Vulnerability ID: V-209009
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |