rhel9: align kickstarts with rules in the profile regarding mount options

Author: vojtapolasek

products/rhel9/kickstart/ssg-rhel9-anssi_bp28_enhanced-ks.cfg

@@ -103,13 +103,13 @@ logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="n
 # Ensure /srv Located On Separate Partition
 logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log Located On Separate Partition
 logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition

products/rhel9/kickstart/ssg-rhel9-anssi_bp28_high-ks.cfg

@@ -107,13 +107,13 @@ logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="n
 # Ensure /srv Located On Separate Partition
 logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log Located On Separate Partition
 logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition

products/rhel9/kickstart/ssg-rhel9-anssi_bp28_intermediary-ks.cfg

@@ -103,13 +103,13 @@ logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="n
 # Ensure /srv Located On Separate Partition
 logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log Located On Separate Partition
 logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition

products/rhel9/kickstart/ssg-rhel9-ccn_advanced-ks.cfg

@@ -87,7 +87,7 @@ clearpart --linux --initlabel
 reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=2048
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)

products/rhel9/kickstart/ssg-rhel9-ccn_basic-ks.cfg

@@ -87,7 +87,7 @@ clearpart --linux --initlabel
 reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=2048
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)

products/rhel9/kickstart/ssg-rhel9-ccn_intermediate-ks.cfg

@@ -87,7 +87,7 @@ clearpart --linux --initlabel
 reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=2048
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)

products/rhel9/kickstart/ssg-rhel9-cis-ks.cfg

@@ -99,17 +99,17 @@ volgroup VolGroup pv.01
 # Create particular logical volumes (optional)
 logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 

products/rhel9/kickstart/ssg-rhel9-cis_server_l1-ks.cfg

@@ -99,17 +99,17 @@ volgroup VolGroup pv.01
 # Create particular logical volumes (optional)
 logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 

products/rhel9/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg

@@ -99,17 +99,17 @@ volgroup VolGroup pv.01
 # Create particular logical volumes (optional)
 logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 

products/rhel9/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg

@@ -99,17 +99,17 @@ volgroup VolGroup pv.01
 # Create particular logical volumes (optional)
 logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016