Bug #25535

open

CIS : Checking mount options on non-existing mountpoints

Added by Michel BOUISSOU 2 months ago. Updated about 6 hours ago.

Status: New
Priority: N/A
Assignee: -
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

Sections about filesystem partitions ask for some partitions to be separate (i.e. /var/tmp, /var/log) only on level 2, but their respective mount options should also be checked on level 1.

However, the benchmark specifies: "- IF - a separate partition exists for ..."

We are checking the mount options on directories that are not separate mountpoints, resulting in an inconsistency in the compliance report.

(See the screenshot, which is about RHEL 9.)

I don't know how to do this: in the benchmark we are asked to check that the output of a command shows a partition is mounted, like `/var /dev/sdb ext4 rw,nosuid,nodev,noexec,relatime,seclabel`. The thing is that, except for the first term (/var here), everything else can change.


Files

CIS_1.1.2_not_needed_for_profile_240924a.png (136 KB) Compliance inconsistency. Michel BOUISSOU, 2024-09-24 17:34
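
One way to express the conditional check discussed in this issue, as an added example that is not part of the original report or the project's own code: the mount table is matched on its first column only, and a path that is not a separate mountpoint yields "not-applicable" instead of a failure. The function name `check_mount_opts`, the result strings and the sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample, in the "TARGET SOURCE FSTYPE OPTIONS" layout quoted in the report.
# On a live system such a table could come from:
#   findmnt -kln -o TARGET,SOURCE,FSTYPE,OPTIONS
SAMPLE_MOUNTS='/ /dev/sda2 xfs rw,relatime,seclabel
/var /dev/sdb ext4 rw,nosuid,nodev,noexec,relatime,seclabel
/var/log /dev/sdc1 ext4 rw,nodev,relatime,seclabel'

# check_mount_opts TABLE MOUNTPOINT OPTION...
# Prints exactly one of:
#   compliant               mountpoint exists and carries every required option
#   non-compliant:<list>    mountpoint exists, <list> names the missing options
#   not-applicable          no separate partition is mounted at MOUNTPOINT
check_mount_opts() {
    table=$1
    target=$2
    shift 2

    # Match on the first column only: source device, filesystem type and the
    # remaining options are free to differ between hosts. If the same target
    # appears more than once (stacked mounts), the last entry is used.
    opts=$(printf '%s\n' "$table" |
        awk -v t="$target" '$1 == t { o = $4 } END { print o }')

    # "IF a separate partition exists": otherwise the rule does not apply.
    if [ -z "$opts" ]; then
        echo "not-applicable"
        return 0
    fi

    missing=""
    for want in "$@"; do
        # Compare whole comma-delimited tokens so "dev" never matches "nodev".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done

    if [ -n "$missing" ]; then
        echo "non-compliant:$missing"
    else
        echo "compliant"
    fi
}
```

Reporting "not-applicable" as a third state keeps level 1 results consistent on hosts where /var/tmp or /var/log are plain directories.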