To configure and mount an NSP disk partition

Purpose

Perform this procedure on each NSP disk partition on a station that you create after the RHEL OS installation. The procedure is valid for a station that hosts any NSP component type.

Note: A leading # symbol in a command is the root user prompt, and is not to be included in the command.

Steps
 

Log in as the root user on the station that hosts the partition.


Open a console window.


Mount the partition; see the RHEL OS documentation for information.


Enter the following:

tune2fs -m 0 -o +acl /dev/device

where device is the name of the device associated with the partition


Open the /etc/fstab file using a plain-text editor such as vi.


Perform one of the following.

  1. For a partition in a physical hardware deployment, add the following entry:

    /dev/device   mount_point   fs_type  barrier=0,noatime    1 2

  2. For a partition in an OpenStack VM, add the following entry:

    /dev/device   mount_point   fs_type  noatime    1 2

  3. For a non-LVM partition in a VMware VM, add the following entry:

    UUID=UUID   mount_point   fs_type  noatime    1 2

where

device is the name of the device associated with the partition

mount_point is the partition mount point, for example, /opt/nsp

fs_type is the file system type, for example, ext4 or xfs

UUID is the block-device UUID; see To configure disk partitions using device UUIDs for information about obtaining a block-device UUID


Optionally, in accordance with ANSSI and CIS specifications, configure the following partitions using the following mount options:

Note: Configuring the mount options is strongly recommended.

Note: If you choose to configure the options, you must do so before any NSP software is installed on the station.

Note: The /var partition options are only partially ANSSI-compliant; see the NSP Security Hardening Guide for CIS recommendations and the NSP support for each.

/boot xfs nodev,noexec,nosuid 0 0

/home xfs nodev,noexec,nosuid 0 0

/tmp xfs nodev,noexec,nosuid 0 0

/var xfs nodev,nosuid 0 0


Optionally, to meet the CIS noexec requirement for the /var/tmp directory, add the following line to bind the directory to the /tmp partition; see the NSP Security Hardening Guide for information:

/tmp /var/tmp none bind 0 0


Save and close the /etc/fstab file.


Enter the following to reboot the station:

systemctl reboot ↵

The station reboots.

End of steps
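
The following added example, which is not part of the NSP documentation, audits an fstab file against the mount options listed in the optional hardening steps of this procedure. It assumes standard six-field fstab lines; the function names and the /dev/sdaN device names in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab entries against the hardening options in the procedure.

# Constructed sample input; device names are placeholders. Two deliberate gaps:
# /tmp lacks noexec, and the /tmp -> /var/tmp bind entry is absent.
sample_fstab() {
  cat <<'EOF'
# device    mount_point  fs_type  options              dump pass
/dev/sda1   /boot        xfs      nodev,noexec,nosuid  0 0
/dev/sda2   /home        xfs      nodev,noexec,nosuid  0 0
/dev/sda3   /tmp         xfs      nodev,nosuid         0 0
/dev/sda4   /var         xfs      nodev,nosuid         0 0
EOF
}

# Read fstab text from the named file (or stdin), print one FAIL line per
# finding, and return non-zero if any required option or entry is missing.
audit_fstab() {
  awk '
    BEGIN {
      bad = 0; bound = 0
      need["/boot"] = need["/home"] = need["/tmp"] = "nodev,noexec,nosuid"
      need["/var"] = "nodev,nosuid"      # /var is not given noexec in the procedure
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    ($2 in need) {
      seen[$2] = 1
      n = split(need[$2], want, ",")
      for (i = 1; i <= n; i++)
        if (index("," $4 ",", "," want[i] ",") == 0) {
          print "FAIL " $2 ": missing " want[i]; bad = 1
        }
    }
    # The procedure binds /var/tmp to /tmp to meet the CIS noexec requirement.
    $1 == "/tmp" && $2 == "/var/tmp" && index("," $4 ",", ",bind,") { bound = 1 }
    END {
      for (mp in need) if (!(mp in seen)) { print "FAIL " mp ": no entry"; bad = 1 }
      if (!bound) { print "FAIL /var/tmp: not bound to /tmp"; bad = 1 }
      exit bad
    }' "$@"
}

# Audit the file given as $1, or the constructed sample when run without arguments.
if [ "$#" -gt 0 ]; then audit_fstab "$1"; else sample_fstab | audit_fstab || true; fi
```

Passing /etc/fstab as the argument audits the live file; a non-zero exit status means at least one finding.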