Feature: cisPartition

Description

Features

Regarding CIS benchmarks, further options like noexec, nodevmust be set for several mounts. Therefore, a default partition layout is shipped by this feature. The size for any mount can be adjusted:

FSTab

# <file system>    <dir>              <type>    <options>                              <args>
LABEL=EFI          /boot/efi          vfat      umask=0077                             type=uefi
LABEL=ROOT         /                  ext4      rw,errors=remount-ro,prjquota,discard  size=1024MiB
LABEL=HOME         /home              ext4      defaults,nosuid,noexec,nodev           size=64MiB
LABEL=VAR          /var               ext4      defaults,nosuid,noexec,nodev           size=128MiB
LABEL=VARTMP       /var/tmp           ext4      defaults,nosuid,noexec,nodev           size=64MiB
LABEL=VARLOG       /var/log           ext4      defaults,nosuid,noexec,nodev           size=128MiB
LABEL=VARLOGAUD    /var/log/audit     ext4      defaults,nosuid,noexec,nodev           size=64MiB

/tmp will be handled by a systemd unit file and be created with CIScompliant options:

Options=mode=1777,strictatime,nosuid,nodev,noexec

Unit testing

Unit tests are only supported by its parent feature cis. See also ../cis/README.md.


type	element
artifact	None
included_features	cis
excluded_features	None

Local Tutorials

Cloud Tutorials

Container Tutorials

On-Premises Tutorials

Customization

Platform-Specific Guides

Security

Supporting Tools

builder

reference

tutorials

python-gardenlinux-lib

how-to

Releases

Release Notes

Architecture Decision Records (ADR)

Documentation

Testing

Feature: cisPartition

Description

Features

Unit testing

Meta

reference

tutorials

how-to

Release Notes

Feature: cisPartition ​

Description ​

Features ​

Unit testing ​

Meta ​

Feature: cisPartition

Description

Features

Unit testing

Meta