STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Remote file systems must be mounted with the nosuid option.

DISA Rule

SV-209009r603263_rule

Vulnerability Number

V-209009

Group Title

SRG-OS-000480

Rule Version

OL6-00-000270

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Add the "nosuid" option to the fourth column of "/etc/fstab" for the line which controls mounting of any NFS mounts.

Check Contents

To verify the "nosuid" option is configured for all NFS mounts, run the following command:

$ mount | grep nfs

All NFS mounts should show the "nosuid" setting in parentheses, along with other mount options.
If the setting does not show, this is a finding.

Vulnerability Number

V-209009

Documentable

False

Rule Version

OL6-00-000270

Severity Override Guidance

To verify the "nosuid" option is configured for all NFS mounts, run the following command:

$ mount | grep nfs

All NFS mounts should show the "nosuid" setting in parentheses, along with other mount options.
If the setting does not show, this is a finding.

Check Content Reference

M

Target Key

2928

Comments