Navigate

Check: GEN002430

SUSE Linux Enterprise Server v11 for System z STIG: GEN002430 (in versions v1 r12 through v1 r9)

Title

Removable media, remote file systems, and any file system not containing approved device files must be mounted with the nodev option. (Cat II impact)

Discussion

The "nodev" (or equivalent) mount option causes the system to not handle device files as system devices. This option must be used for mounting any file system not containing approved device files. Device files can provide direct access to system hardware and can compromise security if not protected.

Check Content

Check /etc/fstab and verify the "nodev" mount option is used on any filesystems mounted from removable media or network shares. If any filesystem mounted from removable media or network shares does not have this option, this is a finding.

Fix Text

Edit /etc/fstab and add the "nodev" option to any filesystems mounted from removable media or network shares.

Additional Identifiers

Rule ID: SV-45190r1_rule

Vulnerability ID: V-22368

Group Title: GEN002430

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings