ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
774 Commits
26 Branches
Tree: ee5ce15182
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee5ce15182'
${ noResults }
linux-formula/metadata/service/system/cis/cis-1-1-1-7.yml

cis-1-1-1-7.yml 1004B
Raw Normal View History

CIS compliance (modprobe.d) * CIS 1.1.1.1 Ensure mounting of cramfs filesystems is disabled * CIS 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled * CIS 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled * CIS 1.1.1.4 Ensure mounting of hfs filesystems is disabled * CIS 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled * CIS 1.1.1.6 Ensure mounting of squashfs filesystems is disabled * CIS 1.1.1.7 Ensure mounting of udf filesystems is disabled * CIS 1.1.1.8 Ensure mounting of FAT filesystems is disabled * CIS 3.5.1 Ensure DCCP is disabled * CIS 3.5.2 Ensure SCTP is disabled * CIS 3.5.3 Ensure RDS is disabled * CIS 3.5.4 Ensure TIPC is disabled Related-Prod: PROD-20756 Related-Prod: PROD-20757 Related-Prod: PROD-20758 Related-Prod: PROD-20759 Change-Id: Ia8bf992498ef739a4a40fb108fcb449900caf6e3
6 years ago
 1234567891011121314151617181920212223242526272829303132333435363738 
  1. # 1.1.1.7 Ensure mounting of udf filesystems is disabled

  2. #

  3. # Description

  4. # ===========

  5. # The udf filesystem type is the universal disk format used to implement

  6. # ISO/IEC 13346 and ECMA-167 specifications. This is an open vendor filesystem

  7. # type for data storage on a broad range of media. This filesystem type is

  8. # necessary to support writing DVDs and newer optical disc formats.

  9. #

  10. # Rationale

  11. # =========

  12. # Removing support for unneeded filesystem types reduces the local attack

  13. # surface of the server. If this filesystem type is not needed, disable it.

  14. #

  15. # Audit

  16. # =====

  17. # Run the following commands and verify the output is as indicated:

  18. #

  19. #   # modprobe -n -v udf

  20. #   install /bin/true

  21. #   # lsmod | grep udf

  22. #   <No output>

  23. #

  24. # Remediation

  25. # ===========

  26. # Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:

  27. #

  28. #   install udf /bin/true

  29. #

  30. parameters:

  31.   linux:

  32.     system:

  33.       kernel:

  34.         module:

  35.           udf:

  36.             install:

  37.               command: /bin/true

  38.