Open
Description
Bind mount common directories to add hardened mount options (like nodev, nosuid, noexec).
This may also be added to other roles where there is some data directory with possibly untrusted content (like Nextcloud data or Squid cache directories).
REF:
- https://madaidans-insecurities.github.io/guides/linux-hardening.html#partitioning
- https://github.com/dev-sec/ansible-collection-hardening/blob/master/roles/os_hardening/tasks/minimize_access.yml
- https://github.com/dev-sec/ansible-collection-hardening/blob/master/roles/os_hardening/tasks/minimize_access_fs.yml
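
A check for the result this issue asks for, as an added example that is not part of the issue or the project's code: it parses a mount table in `/proc/self/mounts` format and reports which directories lack `nodev`, `nosuid` or `noexec`. The sample table and the directory list are constructed assumptions.

```python
import re

REQUIRED = {"nodev", "nosuid", "noexec"}  # options named in the issue

# Constructed sample in /proc/self/mounts format. A bind mount shows the
# backing device and filesystem type here, not the word "bind".
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /var/tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /tmp ext4 rw,relatime 0 0
/dev/sda1 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /srv/my\\040data ext4 rw,nodev,relatime 0 0
"""

def unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mountpoint: set(options)}; a later line shadows an earlier one."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            table[unescape(parts[1])] = set(parts[3].split(","))
    return table

def effective_mount(path, table):
    """Longest mountpoint containing path, i.e. the mount the path lives on."""
    best = "/"
    for mp in table:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def audit(paths, table, required=REQUIRED):
    """Return {path: (is_own_mountpoint, sorted list of missing options)}."""
    report = {}
    for p in paths:
        mp = effective_mount(p, table)
        report[p] = (mp == p, sorted(required - table.get(mp, set())))
    return report

if __name__ == "__main__":
    # Directory list is an assumption; the issue does not enumerate one.
    dirs = ["/tmp", "/var/tmp", "/dev/shm", "/home"]
    for path, (own, missing) in audit(dirs, parse_mounts(SAMPLE_MOUNTS)).items():
        print(path, "own mount" if own else "inherits parent", missing or "ok")
```

A directory that is not its own mount point inherits the options of the filesystem it lives on, which is the case a bind mount of the directory onto itself addresses.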