# 1.1.1.8 Ensure mounting of FAT filesystems is disabled
#
# Description
# ===========
# The FAT filesystem format is primarily used on older windows systems and
# portable USB drives or flash modules. It comes in three types FAT12, FAT16,
# and FAT32 all of which are supported by the vfat kernel module.
#
# Rationale
# =========
# Removing support for unneeded filesystem types reduces the local attack
# surface of the server. If this filesystem type is not needed, disable it.
#
# Audit
# =====
# Run the following commands and verify the output is as indicated:
#
#   # modprobe -n -v vfat
#   install /bin/true
#   # lsmod | grep vfat
#   <No output>
#
# Remediation
# ===========
#
# Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:
#
#   install vfat /bin/true
#
# Impact
# ======
# FAT filesystems are often used on portable USB sticks and other flash
# media are commonly used to transfer files between workstations, removing
# VFAT support may prevent the ability to transfer files in this way.
#
# NOTE
# ====
# In Ubuntu 16.04 vfat is built into kernel, and 'install' command
# from modprobe.d dir has no effect. However, this is still checked by
# CIS-CAT in Ubuntu 16.04 benchmark v.1.0.0. This was removed in v.1.1.0.
#
parameters:
  linux:
    system:
      kernel:
        module:
          vfat:
            install:
              command: /bin/true