1.1.6.4 Ensure nosuid option set on /var/log/audit partition

Information

The nosuid mount option specifies that the filesystem cannot contain setuid files.

Since the /var/log/audit filesystem is only intended for variable files such as logs, set this option to ensure that users cannot create setuid files in /var/log/audit

Solution

Edit the /etc/fstab file and add nosuid to the fourth field (mounting options) for the /var/log/audit partition.

Example:

<device> /var/log/audit <fstype> defaults,rw,nosuid,nodev,noexec,relatime 0 0

Run the following command to remount /var/log/audit with the configured options:

# mount -o remount /var/log/audit

See Also

https://workbench.cisecurity.org/files/4230

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 3db5e33aeab61c0e9d06ff4d96f176c08531c8ac73650df3707a62db3ac1c32a