RHEL 9 must use a separate file system for /var.

STIG ID: RHEL-09-231020  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: low |  CCI: CCI-000366 |  Vulnerability Id: V-257845

Vulnerability Discussion

Ensuring that "/var" is mounted on its own partition enables the setting of more restrictive mount options. This helps protect system services such as daemons or other programs which use it. It is not uncommon for the "/var" directory to contain world-writable directories installed by other software packages.

Check

Verify that a separate file system/partition has been created for "/var" with the following command:

$ mount | grep /var

UUID=c274f65f-c5b5-4481-b007-bee96feb8b05 /var xfs noatime 1 2

If a separate entry for "/var" is not in use, this is a finding.

Fix

Migrate the "/var" path onto a separate file system.