Differences

This shows you the differences between two versions of the page.

Link to this comparison view

ubuntu1604:1:1:1:6 [2017/05/01 23:51]
Piotr Kłoczewski utworzono
ubuntu1604:1:1:1:6 [2017/05/02 12:01] (current)
Piotr Kłoczewski
Line 1: Line 1:
 ====== 1.1.1.6 Ensure mounting of squashfs filesystems is disabled (Scored) ====== ====== 1.1.1.6 Ensure mounting of squashfs filesystems is disabled (Scored) ======
-**Profile Applicability:** \\  +=====Profile Applicability=====   
-   +<code> 
-<note>Level 1 - Server ​\\  +Level 1 - Server  
-Level 1 - Workstation</​note+Level 1 - Workstation 
- +</code
-**Description:** \\  +=====Description===== 
-The ''​squashfs''​ filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to ''​cramfs''​). A ''​squashfs''​ image can be used without having to first decompress the image. ​\\ \\  +The ''​squashfs''​ filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to ''​cramfs''​). A ''​squashfs''​ image can be used without having to first decompress the image. 
-**Rationale:** \\  +=====Rationale===== 
-Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it. \\ \\  +Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it. 
-**Audit:** \\ +=====Audit===== 
 Run the following commands and verify the output is as indicated: \\  Run the following commands and verify the output is as indicated: \\ 
 <​Code:​bash>​ <​Code:​bash>​
Line 17: Line 17:
 <No output> <No output>
 </​Code>​ </​Code>​
-\\ +=====Remediation===== 
-**Remediation:** \\ +
 Edit or create the file ''/​etc/​modprobe.d/​CIS.conf''​ and add the following line: \\ Edit or create the file ''/​etc/​modprobe.d/​CIS.conf''​ and add the following line: \\
 <​Code:​bash>​ <​Code:​bash>​
 install squashfs /bin/true install squashfs /bin/true
 </​Code>​ </​Code>​