# 1.1.1.7 Ensure mounting of udf filesystems is disabled
#
# Description
# ===========
# The udf filesystem type is the universal disk format used to implement
# ISO/IEC 13346 and ECMA-167 specifications. This is an open vendor filesystem
# type for data storage on a broad range of media. This filesystem type is
# necessary to support writing DVDs and newer optical disc formats.
#
# Rationale
# =========
# Removing support for unneeded filesystem types reduces the local attack
# surface of the server. If this filesystem type is not needed, disable it.
#
# Audit
# =====
# Run the following commands and verify the output is as indicated:
#
#   # modprobe -n -v udf
#   install /bin/true
#   # lsmod | grep udf
#   <No output>
#
# Remediation
# ===========
# Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:
#
#   install udf /bin/true
#
parameters:
  linux:
    system:
      kernel:
        module:
          udf:
            install:
              command: /bin/true