Bug #25535
Updated by Lucas FRANCOIS about 13 hours ago
Sections about *filesystem partitions* ask for some partitions to be separate (i.e. /var/tmp, /var/log) only on level 2, but their respective mount options should also be checked on level 1.
However, the benchmark specifies: « - IF - a separate partition exists for ... »
We are checking the mount options on directories that are not separate mountpoints, resulting in an inconsistency in the compliance report.
(See screenshot which is about RHEL 9)
I don't know how to do this: in the benchmark we are asked to check that the output of a command shows a partition is mounted, like +/var /dev/sdb ext4 rw,nosuid,nodev,noexec,relatime,seclabel+. The thing is that, except for the first term (*/var* here), everything else can change.
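
One way to express the conditional check described in this report, as an added example that is not part of the original report or the project's code: match only the first field of the mount line, treat a directory with no mount line as "not applicable", and test each required option by name. The function name `check_mount`, its return codes, the required-option list and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the shape shown in the report:
# TARGET SOURCE FSTYPE OPTIONS (one line per mount point).
SAMPLE_MOUNTS='/ /dev/sda2 xfs rw,relatime,seclabel
/var /dev/sdb ext4 rw,nosuid,nodev,noexec,relatime,seclabel
/var/tmp /dev/mapper/vg0-vartmp xfs rw,nosuid,relatime,seclabel'

# check_mount DIR "opt1 opt2 ..."   (mount lines are read from stdin)
# Returns 0 = compliant, 1 = a required option is missing,
#         2 = DIR is not a separate mount point (rule not applicable).
check_mount() {
    dir=$1
    required=$2
    # Only the first field is stable; source, fstype and the other
    # options differ between hosts, so match on the target alone.
    opts=$(awk -v d="$dir" '$1 == d { print $4; exit }')
    if [ -z "$opts" ]; then
        return 2
    fi
    missing=""
    for o in $required; do
        # Wrap in commas so "nodev" cannot match inside another option name.
        case ",$opts," in
            *",$o,"*) ;;
            *) missing="$missing $o" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$dir: missing$missing"
        return 1
    fi
    return 0
}

# Demo over the constructed table; /var/log has no line of its own.
for d in /var /var/tmp /var/log; do
    rc=0
    printf '%s\n' "$SAMPLE_MOUNTS" | check_mount "$d" "nodev nosuid noexec" || rc=$?
    case $rc in
        0) echo "$d: compliant" ;;
        1) echo "$d: non-compliant" ;;
        2) echo "$d: not applicable (no separate partition)" ;;
    esac
done
```

On a live host the same function can read the output of `findmnt -kn <dir>`, which prints nothing when the directory is not a mount point.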