Modify description

bin/hardening/2.26_home_nosuid.sh

@@ -5,7 +5,7 @@
 #
 
 #
-# 2.10.1 Set nosuid option for /home filesystem/Partition (Scored)
+# 2.26 Set nosuid option for /home filesystem/Partition (Scored)
 # Authors : Samson wen, Samson <sccxboy@gmail.com>
 #
 

docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd

@@ -1,5 +1,32 @@
 # harbian audit Debian Linux 9 Benchmark  
 
+## 2.26 Set nosuid option for /home filesystem/Partition (scored) 
+
+### Profile Applicability
+Level 2
+
+### Description
+File systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed.
+
+### Rationale
+The "nosuid" mount option causes the system to not execute setuid and setgid files with owner privileges. This option must be used for mounting any file system not containing approved setuid and setguid files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+
+### Aduit
+Verify file systems that contain user home directories are mounted with the "nosuid" option. Find the file system(s) that contain the user home directories with the following command:
+Note: If a separate file system has not been created for the user home directories (user home directories are mounted under "/"), this is not a finding as the "nosuid" option cannot be used on the "/" system.
+```
+# cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
+smithj:1001:/home/smithj
+thomasr:1002:/home/thomasr
+Check the file systems that are mounted at boot time with the following command:
+```
+# more /etc/fstab
+UUID=a411dc99-f2a1-4c87-9e05-184977be8539 /home   ext4   rw,relatime,discard,data=ordered,nosuid 0 2
+```     
+
+### Remediation
+Configure the "/etc/fstab" to use the "nosuid" option on file systems that contain user home directories.
+
 ## 5.7 Install screen (scored) 
 
 ### Profile Applicability