Ensure noexec option set on removable media partitions
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file...
- Home
- Security Hardening
- CIS Debian Family Server L1 V1.0.0
CIS Debian Family Server L1 V1.0.0
Ensure noexec option set on /tmp partition
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /tmp filesystem is only...Ensure noexec option set on /var/tmp partition
Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only...Ensure nosuid option set on /dev/shm partition
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file...Ensure nosuid option set on removable media partitions
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file...Ensure nosuid option set on /tmp partition
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /tmp filesystem is only...Ensure nosuid option set on /var/tmp partition
Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only...Ensure package manager repositories are configured
Details Systems need to have package manager repositories configured to ensure they receive the latest patches and updates. Rationale: If...Ensure permissions on bootloader config are configured
Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. Notes: This recommendation is...Ensure sticky bit is set on all world-writable directories
Details Setting the sticky bit on world writable directories prevents users from deleting or renaming files in that directory that...