Add nodev Option to /dev/shm Partition
Details The nodev mount option specifies that the /dev/shm (temporary filesystem stored in memory) cannot contain block or character special...
- Home
- Security Hardening
- CIS Red Hat Enterprise Linux 5 L1 V2.2 1
CIS Red Hat Enterprise Linux 5 L1 V2.2 1
Add nodev Option to Removable Media Partitions
Details Set nodev on removable media to prevent character and block special devices that are present on the removable be...Add noexec Option to /dev/shm Partition
Details Set noexec on the shared memory partition to prevent programs from executing from there. Rationale: Setting this option on...Add noexec Option to Removable Media Partitions
Details Set noexec on removable media to prevent programs from executing from the removable media. Rationale: Setting this option on...Add nosuid Option to /dev/shm Partition
Details The nosuid mount option specifies that the /dev/shm (temporary filesystem stored in memory) will not execute setuid and setgid...Add nosuid Option to Removable Media Partitions
Details Set nosuid on removable media to prevent setuid and setgid executable files that are on that media from being...Configure Connection to the RHN RPM Repositories
Details Systems need to be registered with the Red Hat Network (RHN) to receive patch updates. This is usually configured...Configure ExecShield – kernel.exec-shield = 1
Details Execshield is made up of a number of kernel features to provide protection against buffer overflow attacks. These features...Create Separate Partition for /home
Details The /home directory is used to support disk storage needs of local users. Rationale: If the system is intended...Create Separate Partition for /tmp
Details The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Since...