STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021

The Red Hat Enterprise Linux operating system must mount /dev/shm with secure options.

DISA Rule

SV-204486r603261_rule

Vulnerability Number

V-204486

Group Title

SRG-OS-000368-GPOS-00154

Rule Version

RHEL-07-021024

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the system so that /dev/shm is mounted with the "nodev", "nosuid", and "noexec" options by adding or modifying the following line in /etc/fstab:

tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0

Check Contents

Verify that the "nodev", "nosuid", and "noexec" options are configured for /dev/shm:

# cat /etc/fstab | grep /dev/shm

tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0

If results are returned and the "nodev", "nosuid", or "noexec" options are missing, this is a finding.

Verify "/dev/shm" is mounted with the "nodev", "nosuid", and "noexec" options:

# mount | grep /dev/shm

tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)

If /dev/shm is mounted without secure options "nodev", "nosuid", and "noexec", this is a finding.
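
The two checks above combined into one script, added here as an example and not part of the STIG or STIGQter content: it matches the mount-point field exactly and skips commented-out lines, which a plain grep for /dev/shm does not. The function names, the use of /proc/mounts-format input in place of "mount" output, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not STIG content): audit /dev/shm options by exact field match.
REQUIRED="nodev nosuid noexec"

# missing_opts OPTS: print the required options absent from a comma-separated list.
missing_opts() {
    missing=""
    for want in $REQUIRED; do
        case ",$1," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s' "$missing"
}

# shm_opts FILE: options (4th field) of the last uncommented /dev/shm entry in an
# fstab- or /proc/mounts-format file; empty output if there is no such entry.
shm_opts() {
    awk '$1 !~ /^#/ && $2 == "/dev/shm" { o = $4 } END { print o }' "$1"
}

# audit_shm FSTAB MOUNTS: print findings; return 1 if any, 0 if compliant.
audit_shm() {
    rc=0
    for src in "$1" "$2"; do
        opts=$(shm_opts "$src")
        [ -n "$opts" ] || continue          # no entry: nothing to evaluate
        m=$(missing_opts "$opts")
        [ -z "$m" ] || { echo "finding: $src: /dev/shm lacks $m"; rc=1; }
    done
    return "$rc"
}

# write_samples DIR: constructed inputs (not captured from a real host).
write_samples() {
    printf '%s\n' '#tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0' \
        'tmpfs /dev/shm tmpfs defaults,nodev,nosuid 0 0' > "$1/fstab.bad"
    printf '%s\n' 'tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0' > "$1/fstab.ok"
    printf '%s\n' 'tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0' > "$1/mounts.bad"
    printf '%s\n' 'tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec 0 0' > "$1/mounts.ok"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_shm "$tmp/fstab.ok" "$tmp/mounts.ok" && echo "ok pair: compliant"
audit_shm "$tmp/fstab.bad" "$tmp/mounts.bad" || echo "bad pair: findings above"
rm -rf "$tmp"
```

On a live host, audit_shm /etc/fstab /proc/mounts runs the same evaluation against the real files.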

Documentable

False

Severity Override Guidance

Verify that the "nodev", "nosuid", and "noexec" options are configured for /dev/shm:

# cat /etc/fstab | grep /dev/shm

tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0

If results are returned and the "nodev", "nosuid", or "noexec" options are missing, this is a finding.

Verify "/dev/shm" is mounted with the "nodev", "nosuid", and "noexec" options:

# mount | grep /dev/shm

tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)

If /dev/shm is mounted without secure options "nodev", "nosuid", and "noexec", this is a finding.

Check Content Reference

M

Target Key

2899
