
os-14: Check mountpoints for noexec mount options (1 failed) #833

Open
@saadyehia

Description

os-14: Check mountpoints for noexec mount options (1 failed)

Reproduction steps

I'm using Ubuntu 20.04.6 LTS, and I'm trying to harden it.

I used the following command: "ansible-playbook -i inventory.ini ansible-hardening.yml", and below is the content of ansible-hardening.yml:
---
- name: Playbook to harden Ubuntu OS.
  hosts: prod
  remote_user: root
  become: yes

  roles:
    - devsec.hardening.os_hardening

In addition, I have set os_mnt_var_log_group: "root" in the group/host_vars, as an issue about it was reported previously.

After I ran inspec exec https://github.com/dev-sec/linux-baseline.git -t ssh://root@prod -i ~/.ssh/id_rsa --chef-license accept, I got the following error:

×  os-14: Check mountpoints for noexec mount options (1 failed)
     ×  Mount /dev options is expected to include "noexec"
     expected ["rw", "nosuid", "size=65536k", "mode=755", "uid=100000", "gid=100000", "inode64"] to include "noexec"
     
Profile Summary: 19 successful controls, 1 control failure, 38 controls skipped
Test Summary: 72 successful, 1 failure, 38 skipped

Current Behavior

The InSpec linux-baseline verification failed.

Expected Behavior

The OS_Hardening module should apply requirements to comply with linux-baseline

OS / Environment

Ubuntu 20.04.6 LTS

Ansible Version

ansible [core 2.15.13]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.5 (default, Nov 23 2021, 15:27:38) [GCC 9.3.0] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True

Collection Version

/# ansible-galaxy collection list | grep devsec.hardening
devsec.hardening              10.1.0

Additional information

...
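To confirm on the host itself which mountpoints lack a required option before and after a remediation run, the following script (an added example, not part of this issue or of the devsec.hardening collection) parses /proc/mounts and compares each mountpoint's kernel-reported options against a policy table. The policy table and the sample mount lines are constructed for the example; the /dev line mirrors the option list quoted in the failing os-14 control, and the table is not the linux-baseline profile's exact rule set.

```python
#!/usr/bin/env python3
"""Report mountpoints whose kernel-reported options lack required hardening flags.

Added example: reads /proc/mounts-format text and compares each mountpoint's
options against an illustrative policy. The policy is an assumption made for
this example, not the linux-baseline profile's rule set.
"""
import re
import sys
from typing import Dict, List, Optional, Set

# Illustrative policy (assumption): which options each mountpoint must carry.
REQUIRED_OPTIONS: Dict[str, Set[str]] = {
    "/dev": {"noexec"},
    "/dev/shm": {"noexec", "nosuid", "nodev"},
    "/tmp": {"noexec", "nosuid", "nodev"},
}

# Constructed sample in /proc/mounts format: device, mountpoint, fstype, options, dump, pass.
# The /dev line carries the same options the failing InSpec control reported.
SAMPLE_MOUNTS = """\
devtmpfs /dev devtmpfs rw,nosuid,size=65536k,mode=755,uid=100000,gid=100000,inode64 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,inode64 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
"""


def unescape(field: str) -> str:
    """/proc/mounts encodes space, tab, newline and backslash as 3-digit octal escapes."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> Dict[str, Set[str]]:
    """Map mountpoint -> set of option tokens, e.g. {'rw', 'nosuid', 'size=65536k'}."""
    mounts: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        mountpoint = unescape(fields[1])
        # A later entry for the same mountpoint is the one currently visible,
        # so it shadows any earlier entry.
        mounts[mountpoint] = set(fields[3].split(","))
    return mounts


def check_mounts(mounts: Dict[str, Set[str]],
                 policy: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Return mountpoint -> sorted list of missing required options (failures only)."""
    findings: Dict[str, List[str]] = {}
    for mountpoint, required in policy.items():
        if mountpoint not in mounts:
            continue  # not a separate mount: nothing to check
        missing = sorted(required - mounts[mountpoint])
        if missing:
            findings[mountpoint] = missing
    return findings


def main(path: Optional[str] = None) -> int:
    """Check a /proc/mounts file (or the built-in sample) and return 1 on any finding."""
    if path:
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_MOUNTS
    findings = check_mounts(parse_mounts(text), REQUIRED_OPTIONS)
    for mountpoint, missing in sorted(findings.items()):
        print(f"{mountpoint}: missing {','.join(missing)}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as `python3 check_mounts.py /proc/mounts` on the target; with no argument it checks the constructed sample and reports that /dev and /tmp lack noexec. Because it reads the options the kernel currently applies rather than what fstab declares, an option the role writes to fstab but that never takes effect (for instance on a mount that is set up by the host or container runtime rather than by the guest) still shows up as missing, which is the same view the InSpec control takes.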
