Comments (7)
The default tmp.mount that comes with RHEL 7 is tmpfs, but it is disabled by default.
This role implements a security-enhanced version of the Red Hat-provided mount file.
What are your specific concerns? The role could potentially be extended to support non-tmpfs.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/migration_planning_guide/sect-red_hat_enterprise_linux-migration_planning_guide-file_system_layout#sect-Red_Hat_Enterprise_Linux-Migration_Planning_Guide-File_System_Layout-Temporary_storage_space
from rhel7-cis.
RAM consumption.
Oracle or a similar process already has dibs on a large chunk of the RAM, and a user or process consumes /tmp, which is backed by RAM, perhaps inadvertently.
I am going to leave it as is for the majority of our boxes and flip the configuration on our Oracle boxes.
from rhel7-cis.
@erpadmin I have the same concern. Will you just override the file from within another role, and call systemd to reload?
from rhel7-cis.
Yes, that is the plan for an Oracle role which runs after CIS. We are already having issues with Oracle and noexec on /tmp, since Oracle's runinstaller has a habit of copying the installer to /tmp and then executing it.
from rhel7-cis.
You shouldn't need a separate role, just set the following to false in your group_vars:
rhel7cis_rule_1_1_2
rhel7cis_rule_1_1_3
rhel7cis_rule_1_1_4
rhel7cis_rule_1_1_5
from rhel7-cis.
In the context of only CIS, sure, no separate role would be needed.
I use common roles and application-specific roles during initial build-outs, so it's simpler for me to add "nonstandard" changes elsewhere; otherwise sooner or later those CIS variables get left set incorrectly by someone.
from rhel7-cis.
closing issue
from rhel7-cis.