Title: Ensure noexec option set on /var/log/audit partition Description: The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log/audit filesystem is only intended for audit logs, set this option to ensure that users cannot run executable binaries from /var/log/audit . Audit: Verify that the noexec option is set for the /var/log/audit mount. Run the following command to verify that the noexec mount option is set. Example: # findmnt --kernel /var/log/audit | grep noexec /var/log/audit /dev/sdb ext4 rw,nosuid,nodev,noexec,relatime,seclabel Remediation: Edit the /etc/fstab file and add noexec to the fourth field (mounting options) for the /var partition. Example: <device> /var/log/audit <fstype> defaults,rw,nosuid,nodev,noexec,relatime 0 0 Run the following command to remount /var/log/audit with the configured options: # mount -o remount /var/log/audit

[Yes/No]

Remediation: Edit the /etc/fstab file and add noexec to the fourth field (mounting options) for the /var partition. Example: <device> /var/log/audit <fstype> defaults,rw,nosuid,nodev,noexec,relatime 0 0 Run the following command to remount /var/log/audit with the configured options: # mount -o remount /var/log/audit