During a recent audit, the security team found a vulnerability on a Red Hat Enterprise Linux 7 system. According to the audit team, the 'nodev' mount option needs to be added for the /var/lib/nfs/rpc_pipefs partition. With nodev set, the kernel does not interpret character or block special device files on that filesystem.
To resolve this vulnerability, perform the steps below, as suggested by Red Hat.
1. Create a drop-in directory for var-lib-nfs-rpc_pipefs.mount:
[root@redhat001:~]# mkdir -p /etc/systemd/system/var-lib-nfs-rpc_pipefs.mount.d/
2. Create a configuration file in that directory that adds the nodev option to this mount point:
[root@redhat001:~]# printf '[Mount]\nOptions=nodev\n' > /etc/systemd/system/var-lib-nfs-rpc_pipefs.mount.d/99-nodev.conf
3. Reload the systemd daemon so that it picks up the new drop-in:
[root@redhat001:~]# systemctl daemon-reload
4. Now restart the mount unit:
[root@redhat001:~]# systemctl restart var-lib-nfs-rpc_pipefs.mount
With the above steps we can add the nodev mount option for the /var/lib/nfs/rpc_pipefs partition on RHEL 7. To verify the mount point, run the command below:
[root@redhat001:~]# grep rpc /proc/self/mounts
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,nodev,relatime 0 0
If you see the above output, the nodev option has been applied successfully. These are the straightforward steps to follow to resolve this vulnerability.
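The grep above matches any line containing "rpc" and leaves the reading of the options field to the eye. The following added example (not part of the original post or of Red Hat's instructions) turns the verification into a scriptable audit check that matches the mount point and the option exactly. The function name has_mount_option and the two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit check for a mount option in a table that uses the
# /proc/self/mounts format (device, mount point, fstype, options, ...).

# has_mount_option MOUNTPOINT OPTION [MOUNTS_FILE]
# Return codes: 0 = option set, 1 = mounted without it, 2 = not mounted.
# MOUNTS_FILE defaults to /proc/self/mounts; "-" reads standard input.
has_mount_option() {
    awk -v mp="$1" -v opt="$2" '
        # With stacked mounts, the last entry for a mount point is the one on top.
        $2 == mp { found = 1; opts = $4 }
        END {
            if (!found) exit 2
            # Compare whole comma-separated options, so "nodev" never
            # matches as a substring of some other option.
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) exit 0
            exit 1
        }' "${3:-/proc/self/mounts}"
}

# Constructed sample lines: the mount before and after the drop-in is applied.
SAMPLE_BEFORE='sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0'
SAMPLE_AFTER='sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,nodev,relatime 0 0'

# Demonstration on the constructed samples (rc=1 for the first, rc=0 for the second).
for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    rc=0
    printf '%s\n' "$sample" |
        has_mount_option /var/lib/nfs/rpc_pipefs nodev - || rc=$?
    echo "rc=$rc  $sample"
done
```

On the live system, call `has_mount_option /var/lib/nfs/rpc_pipefs nodev` with no third argument and act on the return code.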
To enhance security, add the nodev option for /var/lib/nfs/rpc_pipefs in /etc/fstab on RHEL 7. Use FiraCode for step-by-step guidance!