Uploaded image for project: 'Cloud Infrastructure Security & Compliance'
  1. Cloud Infrastructure Security & Compliance
  2. CMP-1159 OCP STIG spreadsheet work
  3. CMP-1170

SRG-OS-000368-GPOS-00154: preventing progam execution

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • False
    • False
    • OCPSTRAT-438 - Support Creation for DISA-STIG Profile
    • CMP Sprint 41

      /dev/shm and /tmp each have the nodev, nosuid, and noexec mount options

      RHEL8 also check /var/log /var/log/audit /var/tmp, these are not separate mounts by default. Also, kube only supports 2 additional mounts, so what makes the most sense /var/log and /var/tmp?

       

      Finally fapolicyd is not included or supported. Are there other mitigations that we can point to?

              daanders@redhat.com David Anderson
              daanders@redhat.com David Anderson
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: