Title: Ensure nosuid option set on /var/log/audit partition Description: The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log/audit filesystem is only intended for variable files such as logs, set this option to ensure that users cannot create setuid files in /var/log/audit . Audit: Verify that the nosuid option is set for the /var/log/audit mount. Run the following command to verify that the nosuid mount option is set. Example: # findmnt --kernel /var/log/audit | grep nosuid /var/log/audit /dev/sdb ext4 rw,nosuid,nodev,noexec,relatime,seclabel Remediation: Edit the /etc/fstab file and add nosuid to the fourth field (mounting options) for the /var/log/audit partition. Example: <device> /var/log/audit <fstype> defaults,rw,nosuid,nodev,noexec ,relatime 0 0 Run the following command to remount /var/log/audit with the configured options: # mount -o remount /var/log/audit

[Yes/No]

Remediation: Edit the /etc/fstab file and add nosuid to the fourth field (mounting options) for the /var/log/audit partition. Example: <device> /var/log/audit <fstype> defaults,rw,nosuid,nodev,noexec ,relatime 0 0 Run the following command to remount /var/log/audit with the configured options: # mount -o remount /var/log/audit