Ensure Solid State Drives Do Not Contribute To Random-Number Entropy Pool

An XCCDF Rule

Details
Profiles
Prose

Description

For each solid-state drive on the system, run:

 # echo 0 > /sys/block/DRIVE/queue/add_random

Rationale

In contrast to traditional electromechanical magnetic disks, containing spinning disks and / or movable read / write heads, the solid-state storage devices (SSDs) do not contain moving / mechanical components. Therefore the I/O operation completion times are much more predictable for them.

ID: xccdf_org.ssgproject.content_rule_kernel_disable_entropy_contribution_for_solid_state_drives
Severity: Medium
Updated: about 1 year ago