Apologies if this is slightly 'off-piste'.

One of the hardening parameters we use to stop execution of programs on certain partitions is noexec in fstab; this is a general CIS requirement. I believe the only requirement advising this in the context of this list is to do with Removable Media Partitions.

I've noted myself that you can still execute bash scripts in these partitions by utilising /bin/sh (bash). In our environment /bin/sh is set to -rwxr-xr-x, which I believe is an OOB setting; should this be refined to something more strict? Furthermore, is there any SSG auditing on this?

Thanks,
Stuart

--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
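
An added example, not part of the original message and not SSG's own check: a small audit that reports whether selected mount points carry noexec in an fstab-format file. The mount points, the sample fstab and the function names are constructed assumptions; it verifies the mount option only and says nothing about scripts passed to an interpreter such as /bin/sh.

```shell
#!/bin/sh
# Constructed sample in fstab format (not taken from any real host).
sample_fstab() {
cat <<'EOF'
# <device>           <mountpoint> <type> <options>                     <dump> <pass>
/dev/mapper/vg-root  /            xfs    defaults                      0 0
/dev/mapper/vg-tmp   /tmp         xfs    defaults,nodev,nosuid,noexec  0 0
/dev/mapper/vg-home  /home        xfs    defaults,nodev                0 0
tmpfs                /dev/shm     tmpfs  rw,nosuid,x-noexec-pending    0 0
/dev/sdb1            /media/usb   vfat   noauto,nodev,nosuid,noexec    0 0
EOF
}

# audit_noexec FILE MOUNTPOINT...
# Prints "<mountpoint> <status>" per mount point, where status is
# ok, missing-noexec or no-entry. Options are compared as whole
# comma-separated tokens, so "x-noexec-pending" does not count.
# /proc/mounts uses the same first four columns, so it can be passed
# as FILE to check the live state instead of the configuration.
audit_noexec() {
    fstab=$1
    shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            $1 ~ /^#/ || NF == 0 { next }      # skip comments and blank lines
            $2 == mp {
                found = 1
                ok = 0                         # a later entry overrides an earlier one
                n = split($4, opts, ",")
                for (i = 1; i <= n; i++)
                    if (opts[i] == "noexec") ok = 1
            }
            END {
                if (!found)  print mp, "no-entry"
                else if (ok) print mp, "ok"
                else         print mp, "missing-noexec"
            }' "$fstab"
    done
}

# Demonstration run against the constructed sample.
demo_file=$(mktemp)
sample_fstab > "$demo_file"
audit_noexec "$demo_file" /tmp /home /dev/shm /media/usb /var/tmp
rm -f "$demo_file"
```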
