Add noexec Option to Removable Media Partitions
The 'noexec' mount option prevents the direct
execution of binaries on the mounted filesystem.
Preventing the direct execution of binaries from removable media (such as a USB
key) provides a defense against malicious software that may be present on such
untrusted media.
Add the 'noexec' option to the fourth column of '/etc/fstab' for the line which controls mounting of any removable media partitions.
Rationale:
Allowing users to execute binaries from removable media such as USB keys exposes
the system to potential compromise.
Fix:
No Remediation Info
oval:org.secpod.oval:def:30304
oval:org.secpod.oval:def:31027
SCAP Repo OVAL Definition
2015-11-13