Speaking of the NSA guide, another recommendation (besides "remove
unnecessary software") is this:
(from http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf)
---------------------------------------------------------------
2.2.1.1 Add nodev Option to Non-Root Local Partitions
Edit the file /etc/fstab. The important columns for purposes of this
section are column 2 (mount point), column 3 (filesystem type), and
column 4 (mount options). For any line which satisfies all of the
conditions:
  - The filesystem type is ext2 or ext3
  - The mount point is not /
add the text “,nodev” to the list of mount options in column 4.
--------------------------------------------------------------
Of course the "list of mount options" in RHEL5 defaults to "defaults",
which according to the man page is: rw, suid, dev, exec, auto, nouser,
and async.
So, what is the effect of appending 'nodev' to 'defaults', since it
includes 'dev'? Does last-stated option win, or does the list need to
be spelled out if any of the defaults are to be changed?
Besides chroot situations, where else does it NOT make sense to use
'nodev' for non-root partitions?
-Ed
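
The fstab edit from the quoted guide section, as an added example that is not part of the original message or of the NSA guide: a filter that appends nodev to column 4 of every ext2/ext3 entry whose mount point is not /. The function names and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads fstab text on stdin and writes the edited text to
# stdout; it never modifies /etc/fstab itself.
add_nodev() {
    awk '
    # Pass comments and blank lines through untouched.
    /^[ \t]*#/ || NF == 0 { print; next }
    # Guide conditions: column 3 is ext2 or ext3, column 2 is not /.
    NF >= 4 && ($3 == "ext2" || $3 == "ext3") && $2 != "/" {
        has = 0
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) if (opts[i] == "nodev") has = 1
        # Append rather than expand "defaults": mount(8) documents that the
        # last of two conflicting options wins. Assigning to $4 makes awk
        # rejoin the changed line with single spaces.
        if (!has) $4 = $4 ",nodev"
    }
    { print }
    '
}

# Constructed sample input, not taken from a real system.
sample_fstab() {
    cat <<'EOF'
/dev/VolGroup00/LogVol00 /      ext3  defaults        1 1
LABEL=/boot              /boot  ext3  defaults        1 2
/dev/sda3                /home  ext3  defaults,nodev  1 2
tmpfs                    /dev/shm tmpfs defaults      0 0
/dev/sda5                /var   ext2  rw,nosuid       1 2
EOF
}

# Show the result on the sample: /boot and /var gain nodev, the root entry,
# the tmpfs entry and the already-hardened /home entry are left as they were.
sample_fstab | add_nodev
```

Run it as `add_nodev < /etc/fstab` into a scratch file and diff that against the original before replacing anything; `mount -o remount` on an edited mount point applies the new options without a reboot.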