Puppet Class: cis_security_hardening::rules::home_nodev

Defined in:
manifests/rules/home_nodev.pp

Summary

Ensure nodev option set on /home partition

Overview

The nodev mount option specifies that the filesystem cannot contain special devices.

Rationale: Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.

Examples:

class { 'cis_security_hardening::rules::home_nodev':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



19
20
21
22
23
24
25
26
27
28
 
# File 'manifests/rules/home_nodev.pp', line 19

class cis_security_hardening::rules::home_nodev (
  Boolean $enforce = false,
) {
  if ($enforce) and cis_security_hardening::hash_key($facts['mountpoints'], '/home') {
    cis_security_hardening::set_mount_options { '/home-nodev':
      mountpoint   => '/home',
      mountoptions => 'nodev',
    }
  }
}