SV-204486r603261_rule
V-204486
SRG-OS-000368-GPOS-00154
RHEL-07-021024
CAT III
10
Configure the system so that /dev/shm is mounted with the "nodev", "nosuid", and "noexec" options by adding /modifying the /etc/fstab with the following line:
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
Verify that the "nodev","nosuid", and "noexec" options are configured for /dev/shm:
# cat /etc/fstab | grep /dev/shm
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
If results are returned and the "nodev", "nosuid", or "noexec" options are missing, this is a finding.
Verify "/dev/shm" is mounted with the "nodev", "nosuid", and "noexec" options:
# mount | grep /dev/shm
tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)
If /dev/shm is mounted without secure options "nodev", "nosuid", and "noexec", this is a finding.
V-204486
False
RHEL-07-021024
Verify that the "nodev","nosuid", and "noexec" options are configured for /dev/shm:
# cat /etc/fstab | grep /dev/shm
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
If results are returned and the "nodev", "nosuid", or "noexec" options are missing, this is a finding.
Verify "/dev/shm" is mounted with the "nodev", "nosuid", and "noexec" options:
# mount | grep /dev/shm
tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)
If /dev/shm is mounted without secure options "nodev", "nosuid", and "noexec", this is a finding.
M
2899