The noexec mount option specifies that the filesystem cannot contain executable binaries. Since the /var/log/audit filesystem is only intended for audit logs, set this option to ensure that users cannot run executable binaries from /var/log/audit
Solution
- IF - a separate partition exists for /var/log/audit Edit the /etc/fstab file and add noexec to the fourth field (mounting options) for the /var/log/audit partition. Example: <device> /var/log/audit <fstype> defaults,rw,nosuid,nodev,noexec,relatime 0 0 Run the following command to remount /var/log/audit with the configured options: # mount -o remount /var/log/audit