STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed.

DISA Rule

SV-234999r622137_rule

Vulnerability Number

V-234999

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-15-040150

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that are associated with removable media.

Check Contents

Verify SUSE operating system file systems used for removable media are mounted with the "nosuid" option.

Check the file systems that are mounted at boot time with the following command:

> more /etc/fstab

UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat noauto,owner,ro,nosuid 0 0

If a file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set, this is a finding.

Vulnerability Number

V-234999

Documentable

False

Rule Version

SLES-15-040150

Severity Override Guidance

Verify SUSE operating system file systems used for removable media are mounted with the "nosuid" option.

Check the file systems that are mounted at boot time with the following command:

> more /etc/fstab

UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat noauto,owner,ro,nosuid 0 0

If a file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set, this is a finding.

Check Content Reference

M

Target Key

5274

Comments