Ensure /boot Located On Separate Partition

An XCCDF Rule

Description

It is recommended that the /boot directory reside on a separate partition. This makes it easier to apply restrictions, e.g. through the noexec mount option. The /boot partition can also be configured not to be mounted automatically by using the noauto mount option.

Rationale

The /boot partition contains the kernel and bootloader files. Access to this partition should be restricted.
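
One way to check the condition described above against an fstab-format file. This is an added example, not the SSG project's own check; the function names are hypothetical and the two fstab samples are constructed.

```shell
#!/bin/sh
# Constructed fstab samples (not from a real host).
sample_separate() {
cat <<'EOF'
/dev/sda2  /      ext4  defaults                      0 1
/dev/sda1  /boot  ext4  defaults,nodev,nosuid,noexec  0 2
EOF
}
sample_shared() {  # /boot/efi has an entry, /boot itself does not
cat <<'EOF'
/dev/sda2  /          ext4  defaults    0 1
/dev/sda1  /boot/efi  vfat  umask=0077  0 2
EOF
}

# boot_opts: read fstab-format text on stdin, print the options field of
# the /boot entry; exit 1 if no entry has /boot as its mount point.
boot_opts() {
    awk '$1 !~ /^#/ && $2 == "/boot" { print $4; found = 1 }
         END { exit !found }'
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_boot: fail if /boot is not separate; report the optional options.
check_boot() {
    if ! opts=$(boot_opts); then
        echo "FAIL: no separate /boot entry"
        return 1
    fi
    for o in noexec noauto; do
        if has_opt "$opts" "$o"; then
            echo "INFO: $o set on /boot"
        else
            echo "INFO: $o not set on /boot"
        fi
    done
    echo "PASS: /boot has its own entry"
}

sample_separate | check_boot
sample_shared | check_boot || true
```

On a host, run it as `check_boot < /etc/fstab`; the exact match on the mount point means a separate /boot/efi does not satisfy the check.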

ID
xccdf_org.ssgproject.content_rule_partition_for_boot
Severity
Medium