UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Red Hat Enterprise Linux operating system must mount /dev/shm with the noexec option.


Overview

Finding ID Version Rule ID IA Controls Severity
V-81013 RHEL-07-021024 SV-95725r1_rule Low
Description
The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
STIG Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide 2018-11-28

Details

Check Text ( C-80727r1_chk )
Verify that the "noexec" option is configured for /dev/shm.

Check that the operating system is configured to use the "noexec" option for /dev/shm with the following command:

# cat /etc/fstab | grep /dev/shm | grep noexec

tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0

If the "noexec" option is not present on the line for "/dev/shm", this is a finding.

Verify "/dev/shm" is mounted with the "noexec" option:

# mount | grep "/dev/shm" | grep noexec

If no results are returned, this is a finding.
Fix Text (F-87847r1_fix)
Configure the "/etc/fstab" to use the "noexec" option for all lines containing "/dev/shm".