CCE-90601-6Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Add nodev Option to Removable Media Partitions
The 'nodev' mount option prevents files from being
interpreted as character or block devices.
Legitimate character and block devices should exist only in
the '/dev' directory on the root partition or within chroot
jails built for system services.
Parameter:
Technical Mechanism:
Add the 'nodev' option to the fourth column of '/etc/fstab' for the line which controls mounting of any removable media partitions.
Rationale:
The only legitimate location for device files is the '/dev' directory
located on the root partition. An exception to this is chroot jails, and it is
not advised to set 'nodev' on partitions which contain their root
filesystems.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31017 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30294 |