STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020: SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed.

DISA Rule

SV-91933r3_rule

Vulnerability Number

V-77237

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-010800

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that are associated with removable media.

Check Contents

Verify SUSE operating system file systems used for removable media are mounted with the "nosuid" option.

Check the file systems that are mounted at boot time with the following command:

# more /etc/fstab

UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat noauto,owner,ro,nosuid 0 0

If a file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set, this is a finding.

Vulnerability Number

V-77237

Documentable

False

Rule Version

SLES-12-010800

Severity Override Guidance

Verify SUSE operating system file systems used for removable media are mounted with the "nosuid" option.

Check the file systems that are mounted at boot time with the following command:

# more /etc/fstab

UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat noauto,owner,ro,nosuid 0 0

If a file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set, this is a finding.

Check Content Reference

M

Target Key

2903

Comments