ComplianceAsCode · yuumasato · Mar 16, 2023 · Mar 3, 2023 · Mar 15, 2023 · Mar 15, 2023
diff --git a/products/rhel7/kickstart/ssg-rhel7-cis-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis-ks.cfg
@@ -104,7 +104,7 @@ part pv.01 --grow --size=1
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow
 # Ensure /home Located On Separate Partition
 logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
 # Ensure /tmp Located On Separate Partition
@@ -117,6 +117,8 @@ logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048
 logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
 # Ensure /var/log/audit Located On Separate Partition
 logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
+# Ensure /dev/shm Located on Separate Partition
+logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=lv_swap --vgname=VolGroup --size=2016
 
 

diff --git a/products/rhel7/kickstart/ssg-rhel7-cis_server_l1-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis_server_l1-ks.cfg
@@ -104,9 +104,11 @@ part pv.01 --grow --size=1
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+# Ensure /dev/shm Located on Separate Partition
+logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=lv_swap --vgname=VolGroup --size=2016
 
 

diff --git a/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l1-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l1-ks.cfg
@@ -104,9 +104,11 @@ part pv.01 --grow --size=1
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+# Ensure /dev/shm Located on Separate Partition
+logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=lv_swap --vgname=VolGroup --size=2016
 
 

diff --git a/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l2-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l2-ks.cfg
@@ -104,7 +104,7 @@ part pv.01 --grow --size=1
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow
 # Ensure /home Located On Separate Partition
 logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
 # Ensure /tmp Located On Separate Partition
@@ -117,6 +117,8 @@ logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048
 logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
 # Ensure /var/log/audit Located On Separate Partition
 logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
+# Ensure /dev/shm Located on Separate Partition
+logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=lv_swap --vgname=VolGroup --size=2016
 
 

diff --git a/products/rhel9/kickstart/ssg-rhel9-cis-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis-ks.cfg
@@ -91,11 +91,14 @@ clearpart --linux --initlabel
 part /boot --fstype=xfs --size=512
 part pv.01 --grow --size=1
 
+# Ensure /dev/shm is a separate partition
+part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512
+
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=9728 --grow
 # Ensure /home Located On Separate Partition
 logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
 # Ensure /tmp Located On Separate Partition

diff --git a/products/rhel9/kickstart/ssg-rhel9-cis_server_l1-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis_server_l1-ks.cfg
@@ -91,11 +91,14 @@ clearpart --linux --initlabel
 part /boot --fstype=xfs --size=512
 part pv.01 --grow --size=1
 
+# Ensure /dev/shm is a separate partition
+part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512
+
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16384 --grow
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 logvol swap --name=lv_swap --vgname=VolGroup --size=2016

diff --git a/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg
@@ -91,11 +91,14 @@ clearpart --linux --initlabel
 part /boot --fstype=xfs --size=512
 part pv.01 --grow --size=1
 
+# Ensure /dev/shm is a separate partition
+part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512
+
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16384 --grow
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 logvol swap --name=lv_swap --vgname=VolGroup --size=2016

diff --git a/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg
@@ -91,11 +91,14 @@ clearpart --linux --initlabel
 part /boot --fstype=xfs --size=512
 part pv.01 --grow --size=1
 
+# Ensure /dev/shm is a separate partition
+part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512
+
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup --pesize=4096 pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=9728 --grow
 # Ensure /home Located On Separate Partition
 logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
 # Ensure /tmp Located On Separate Partition