To configure and mount a CLM disk partition
Purpose
Perform this procedure on each CLM disk partition on a station that you create after the RHEL OS installation.
Note: A leading # symbol in a command is the root user prompt, and is not to be included in the command.
Steps
1 |
Log in as the root user on the station that hosts the partition. |
2 |
Open a console window. |
3 |
Mount the partition; see the RHEL OS documentation for information. |
4 |
Enter the following: # tune2fs -m 0 -o +acl /dev/device ↵ where device is the name of the device associated with the partition |
5 |
Open the /etc/fstab file using a plain-text editor such as vi. |
6 |
Perform one of the following.
where device is the name of the device associated with the partition mount_point is the partition mount point, for example, /opt/nsp fs_type is the file system type, for example, ext4 or xfs UUID is the block-device UUID; see To configure disk partitions using device UUIDs for information about obtaining a blick-device UUID |
7 |
Optionally, in accordance with ANSSI and CIS specifications, configure the following partitions using the following mount options: Note: Configuring the mount options is strongly recommended. Note: If you choose to configure the options, you must do so before any CLM software is installed on the station. Note: The /var partition options are only partially ANSSI-compliant; see the NSP Security Hardening Guide for CIS recommendations and the support for each. /boot xfs nodev,noexec,nosuid 0 0 /home xfs nodev,noexec,nosuid 0 0 /tmp xfs nodev,noexec,nosuid 0 0 /var xfs nodev,nosuid 0 0 |
8 |
Optionally, to meet the CIS noexec requirement for the /var/tmp directory, add the following line to bind the directory to the /tmp partition; see the NSP Security Hardening Guide for information: /tmp /var/tmp none bind 0 0 |
9 |
Save and close the /etc/fstab file. |
10 |
Enter the following to reboot the station: # systemctl reboot ↵ The station reboots. End of steps |