Ensure /var Located On Separate Partition

An XCCDF Rule

Details
Profiles
Prose

Description

The /var directory is used by daemons and other system services to store frequently-changing data. Ensure that /var has its own partition or logical volume at installation time, or migrate it using LVM.

Rationale

Ensuring that /var is mounted on its own partition enables the setting of more restrictive mount options. This helps protect system services such as daemons or other programs which use it. It is not uncommon for the /var directory to contain world-writable directories installed by other software packages.

ID: xccdf_org.ssgproject.content_rule_partition_for_var
Severity: Low
References: BP28(R12)

12 15 8

APO13.01 DSS05.02

CCI-000366

SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.6

A.13.1.1 A.13.2.1 A.14.1.3

CM-6(a) SC-5(2)

PR.PT-4

SRG-OS-000480-GPOS-00227
Updated: about 1 year ago


part /var


[[customizations.filesystem]]
mountpoint = "/var"
size = 3221225472

Ensure /var Located On Separate Partition

Description

Rationale

Remediation - Anaconda Pre-Install Instructions

Remediation - OS Build Blueprint