CCE-55014-5Platform: cpe:/o:redhat:enterprise_linux:8,cpe:/o:oracle:linux:7,cpe:/o:oracle:linux:8,cpe:/o:amazon:linux:2,cpe:/o:redhat:enterprise_linux:9,cpe:/o:redhat:enterprise_linux:7,cpe:/o:centos:centos:7 | Date: (C)2024-01-08 (M)2024-04-23 |
Description: The `nodev` mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log filesystem is not intended to support devices, set this option to ensure
that users cannot create a block or character special devices in /var/log . Audit: Verify that the `nodev` option is set if a `/var` partition exists.Run the following command and verify that nothing is returned:# mount | grep -E '\s/var/log\s' | grep -v nodev Remediation: Edit the `/etc/fstab` file and add `nodev` to the fourth field (mounting options) for the `/var/log` partition. See the `fstab(5)` manual page for more information.# mount -o remount,nodev /var/log.
Parameter:
[yes/no]
Technical Mechanism:
Run the following command to remount /var/log:
# mount -o remount,nodev /var/log
CCSS Severity: | CCSS Metrics: |
CCSS Score : 3.3 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: LOW |
Severity: LOW | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97249 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97450 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96261 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97483 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97187 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97511 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97218 |