Skip to content

Commit

Permalink
Unselect rule mount_option_boot_noauto in ANSSI
Browse files Browse the repository at this point in the history 
The rules that check /boot mount options need to updated to handle cases
where the /boot partition is not mounted because of noauto option.
  • Loading branch information
@yuumasato
yuumasato committed Jan 27, 2021
1 parent a450b0d commit 808df8e
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion controls/anssi.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,9 @@ controls:
- partition_for_boot
- mount_option_boot_nosuid
- mount_option_boot_noexec
- mount_option_boot_noauto
# The noauto option rule breaks checking of the other mount options
# Commented until rules for /boot mount_option handles this use case
# - mount_option_boot_noauto

# /opt nosuid, nodev (optional ro) Additional packages to the system. Read-only editing if not used
- partition_for_opt
Expand Down

0 comments on commit 808df8e

Please sign in to comment.