varnav/chef_tmp_partition_cis.rb

## chef_tmp_partition_cis.rb
# 1.1.4 Ensure nodev option set on /tmp partition
# 1.1.5 Ensure nosuid option set on /tmp partition
if node['filesystem']['by_mountpoint']['/tmp'] and node['platform_version'] >= 7
  mount '/tmp' do
    device node['filesystem']['by_mountpoint']['/tmp']['device']
    fstype node['filesystem']['by_mountpoint']['/tmp']['fs_type']
    # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/sect-using_the_mount_command-mounting
    options 'defaults,noquota,nodev,nosuid'
    action [:remount, :enable]
  end
end

describe etc_fstab.where { mount_point == '/tmp' } do
  its('mount_options') { should include 'noexec' }
  its('mount_options') { should include 'nodev' }
  its('mount_options') { should include 'nosuid' }
  # Make sure default options aren't overridden
  its('mount_options') { should include 'rw' }
  its('mount_options') { should include 'noquota' }
end
	# 1.1.4 Ensure nodev option set on /tmp partition
	# 1.1.5 Ensure nosuid option set on /tmp partition
	if node['filesystem']['by_mountpoint']['/tmp'] and node['platform_version'] >= 7
	mount '/tmp' do
	device node['filesystem']['by_mountpoint']['/tmp']['device']
	fstype node['filesystem']['by_mountpoint']['/tmp']['fs_type']
	# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/sect-using_the_mount_command-mounting
	options 'defaults,noquota,nodev,nosuid'
	action [:remount, :enable]
	end
	end

	describe etc_fstab.where { mount_point == '/tmp' } do
	its('mount_options') { should include 'noexec' }
	its('mount_options') { should include 'nodev' }
	its('mount_options') { should include 'nosuid' }
	# Make sure default options aren't overridden
	its('mount_options') { should include 'rw' }
	its('mount_options') { should include 'noquota' }
	end