Cheat Sheets

Security - Remote FS Mounts

Description

All remote FS mounts need to use nodev and nosuid

Tags

  • CCE-27090-0
  • CCE-26972-0

Check Script: security-remote-fs-mounts.sh

# FIXME: Complete list of remote FS
missing_nodev=$(mount | egrep 'type (nfs|gluster)' | egrep -v 'nodev|nfsd')
missing_nosuid=$(mount | egrep 'type (nfs|gluster)' | egrep -v 'nosuid|nfsd')

if [ "$missing_nodev" != "" ]; then result_failed "Remote FS mount without nodev option: $missing_nodev" fi if [ "$missing_nosuid" != "" ]; then result_failed "Remote FS mount without nosuid option: $missing_nosuid" fi