SV-230509r627750_rule
V-230509
SRG-OS-000368-GPOS-00154
RHEL-08-040121
CAT II
10
Configure the system so that /dev/shm is mounted with the "nosuid" option by adding /modifying the /etc/fstab with the following line:
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
Verify "/dev/shm" is mounted with the "nosuid" option:
$ sudo mount | grep /dev/shm
tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)
Verify that the "nosuid" option is configured for /dev/shm:
$ sudo cat /etc/fstab | grep /dev/shm
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
If results are returned and the "nosuid" option is missing, or if /dev/shm is mounted without the "nosuid" option, this is a finding.
V-230509
False
RHEL-08-040121
Verify "/dev/shm" is mounted with the "nosuid" option:
$ sudo mount | grep /dev/shm
tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)
Verify that the "nosuid" option is configured for /dev/shm:
$ sudo cat /etc/fstab | grep /dev/shm
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
If results are returned and the "nosuid" option is missing, or if /dev/shm is mounted without the "nosuid" option, this is a finding.
M
2921