Add checks for mount options (noexec, nosuid, nodev) #163
cmhe added a commit to siemens/linux-baseline that referenced this issue Oct 26, 2021
Setting the `noexec`, `nosuid` and `nodev` mount options for mount points where those features are not required limits possible attack vectors.
Closes: dev-sec#163
Signed-off-by: Claudius Heine <[email protected]>
cmhe added a commit to siemens/linux-baseline that referenced this issue Nov 3, 2021
Setting the `noexec`, `nosuid` and `nodev` mount options for mount points where those features are not required limits possible attack vectors.
Closes: dev-sec#163
Signed-off-by: Claudius Heine <[email protected]>
chris-rock pushed a commit that referenced this issue Nov 23, 2021
Setting the `noexec`, `nosuid` and `nodev` mount options for mount points where those features are not required limits possible attack vectors.
Closes: #163
Signed-off-by: Claudius Heine <[email protected]>
Is your feature request related to a problem? Please describe.
Mount options like 'noexec', 'nosuid' and 'nodev' allow limiting the attack vector by disabling unintended functionality of mount points.
Describe the solution you'd like
Implement a rule that allows checking for those mount options
Additional context
Lynis implemented a test for this as well: https://github.com/CISOfy/lynis/blob/3.0.6/include/tests_filesystems#L554
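
One way such a rule could work, as an added example in plain Ruby that is not part of the issue, the linux-baseline code or the Lynis test: it parses a mount table in `/proc/mounts` format and reports which required options each mount point lacks. The `POLICY` mapping, the helper names and the sample mount table are assumptions constructed for illustration.

```ruby
# Added example: audit a mount table for missing hardening options.
# POLICY is a hypothetical baseline chosen for illustration; adjust per system.
POLICY = {
  '/tmp'     => %w[noexec nosuid nodev],
  '/dev/shm' => %w[noexec nosuid nodev],
  '/home'    => %w[nosuid nodev],
  '/boot'    => %w[noexec nosuid nodev]
}.freeze

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = <<~MOUNTS
  /dev/sda2 / ext4 rw,relatime 0 0
  tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
  tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
  /dev/sda3 /home ext4 rw,relatime 0 0
  /dev/sda3 /home ext4 rw,nosuid,nodev,relatime 0 0
MOUNTS

# /proc/mounts escapes space, tab, newline and backslash as 3-digit octal (\040).
def unescape_mount_field(field)
  field.gsub(/\\([0-7]{3})/) { Regexp.last_match(1).to_i(8).chr }
end

# Returns { mountpoint => [options] }. A later line for the same mount point
# overrides an earlier one, because the most recent mount is the visible one.
def parse_mounts(text)
  text.each_line.with_object({}) do |line, table|
    fields = line.split
    next if fields.length < 4
    table[unescape_mount_field(fields[1])] = fields[3].split(',')
  end
end

# Returns { mountpoint => [missing options] } for every policy violation.
# A policy path that is not a separate mount is reported as :not_mounted,
# because it then inherits whatever options its parent filesystem has.
def audit_mounts(text, policy = POLICY)
  table = parse_mounts(text)
  policy.each_with_object({}) do |(path, required), findings|
    if table.key?(path)
      missing = required - table[path]
      findings[path] = missing unless missing.empty?
    else
      findings[path] = :not_mounted
    end
  end
end

audit_mounts(SAMPLE_MOUNTS).each { |path, result| puts "#{path}: #{result.inspect}" } if __FILE__ == $PROGRAM_NAME
```

On a live system, pass `File.read('/proc/mounts')` to `audit_mounts` instead of the sample text.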