CCE-90612-3Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Add noexec Option to Removable Media Partitions
The 'noexec' mount option prevents the direct
execution of binaries on the mounted filesystem.
Preventing the direct execution of binaries from removable media (such as a USB
key) provides a defense against malicious software that may be present on such
untrusted media.
Parameter:
Technical Mechanism:
Add the 'noexec' option to the fourth column of '/etc/fstab' for the line which controls mounting of any removable media partitions.
Rationale:
Allowing users to execute binaries from removable media such as USB keys exposes
the system to potential compromise.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30304 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31027 |