Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== 1.1.1.1 Ensure mounting of cramfs filesystems is disabled (Scored) ====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== The ''cramfs'' filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A ''cramfs'' image can be used without having to first decompress the image. =====Rationale===== Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it. =====Audit===== Run the following commands and verify the output is as indicated: <Code:bash> # modprobe -n -v cramfs install /bin/true # lsmod | grep cramfs <No output> </Code> =====Remediation===== Edit or create the file ''/etc/modprobe.d/CIS.conf'' and add the following line: <Code:bash> install cramfs /bin/true </Code> centos7/1/1/1/1.txt Last modified: 2017/05/03 02:06by Piotr Kłoczewski