Ensure mounting of udf filesystems is disabled – modprobe
Details The udf filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167 specifications. This is...
- Home
- Security Hardening
- CIS Amazon Linux 2 V2.0.0 L1
CIS Amazon Linux 2 V2.0.0 L1
Ensure nodev option set on /dev/shm partition
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /dev/shm filesystem is not...Ensure nodev option set on removable media partitions
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Removable media containing character and block...Ensure nodev option set on /tmp partition
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /tmp filesystem is not...Ensure noexec option set on /dev/shm partition
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file...Ensure noexec option set on /tmp partition
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /tmp filesystem is only...Ensure nosuid option set on /dev/shm partition
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file...Ensure nosuid option set on removable media partitions
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file...Ensure nosuid option set on /tmp partition
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /tmp filesystem is only...Ensure no unconfined services exist
Details Unconfined processes run in unconfined domains Note: Occasionally certain daemons such as backup or centralized management software may require...