{"description": "System partitions can be mounted with certain options\nthat limit what files on those partitions can do, for example\n<tt>noexec</tt>, <tt>nosuid</tt> and <tt>nodev</tt>. These options\nare set in the <tt>/etc/fstab</tt> configuration file, and can be\nused to make certain types of malicious behavior more difficult.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_mount_option_proc_hidepid", "var_removable_partition"], "groups": {}, "rules": ["mount_option_boot_efi_nosuid", "mount_option_boot_noauto", "mount_option_boot_nodev", "mount_option_boot_noexec", "mount_option_boot_nosuid", "mount_option_dev_shm_nodev", "mount_option_dev_shm_noexec", "mount_option_dev_shm_nosuid", "mount_option_home_grpquota", "mount_option_home_nodev", "mount_option_home_noexec", "mount_option_home_nosuid", "mount_option_home_usrquota", "mount_option_nodev_nonroot_local_partitions", "mount_option_nodev_removable_partitions", "mount_option_noexec_removable_partitions", "mount_option_nosuid_removable_partitions", "mount_option_opt_nosuid", "mount_option_proc_hidepid", "mount_option_srv_nosuid", "mount_option_tmp_nodev", "mount_option_tmp_noexec", "mount_option_tmp_nosuid", "mount_option_var_log_audit_nodev", "mount_option_var_log_audit_noexec", "mount_option_var_log_audit_nosuid", "mount_option_var_log_nodev", "mount_option_var_log_noexec", "mount_option_var_log_nosuid", "mount_option_var_nodev", "mount_option_var_noexec", "mount_option_var_nosuid", "mount_option_var_tmp_bind", "mount_option_var_tmp_nodev", "mount_option_var_tmp_noexec", "mount_option_var_tmp_nosuid"], "platform": "not container", "platforms": ["not container"], "inherited_platforms": [], "cpe_platform_names": ["not_container"], "title": "Restrict Partition Mount Options", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/partitions/group.yml"}