Ensure mounting of squashfs filesystems is disabled – modprobe
Details The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs )....
- Home
- Security Hardening
- CIS Amazon Linux 2 STIG V1.0.0 L1
CIS Amazon Linux 2 STIG V1.0.0 L1
Ensure mounting of udf filesystems is disabled – lsmod
Details The udf filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167 specifications. This is...Ensure mounting of udf filesystems is disabled – modprobe
Details The udf filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167 specifications. This is...Ensure nodev option set on /dev/shm partition
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /dev/shm filesystem is not...Ensure nodev option set on /home partition
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not...Ensure nodev option set on /tmp partition
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /tmp filesystem is not...Ensure noexec option set on /dev/shm partition
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file...Ensure noexec option set on /tmp partition
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /tmp filesystem is only...Ensure noexec option set on /var/tmp partition
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only...Ensure nosuid option set on /dev/shm partition
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file...