Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
ubuntu1604:1:1:1:8 [2017/05/01 23:57]
Piotr Kłoczewski
ubuntu1604:1:1:1:8 [2017/05/02 12:08] (current)
Piotr Kłoczewski
Line 1: Line 1:
 ====== 1.1.1.8 Ensure mounting of FAT filesystems is disabled (Scored) ====== ====== 1.1.1.8 Ensure mounting of FAT filesystems is disabled (Scored) ======
-**Profile Applicability:** \\  +=====Profile Applicability=====   
-   +<code> 
-<note>Level 1 - Server ​\\  +Level 1 - Server  
-Level 2 - Workstation</​note+Level 2 - Workstation 
- +</code
-**Description:** \\  +=====Description===== 
-The ''​FAT''​ filesystem format is primarily used on older windows systems and portable USB drives or flash modules. It comes in three types ''​FAT12'',​ ''​FAT16'',​ and ''​FAT32''​ all of which are supported by the ''​vfat''​ kernel module. ​\\ \\  +The ''​FAT''​ filesystem format is primarily used on older windows systems and portable USB drives or flash modules. It comes in three types ''​FAT12'',​ ''​FAT16'',​ and ''​FAT32''​ all of which are supported by the ''​vfat''​ kernel module. 
-**Rationale:** \\  +=====Rationale===== 
-Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it. \\ \\  +Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it. 
-**Audit:** \\ +=====Audit===== 
 Run the following commands and verify the output is as indicated: \\  Run the following commands and verify the output is as indicated: \\ 
 <​Code:​bash>​ <​Code:​bash>​
Line 17: Line 17:
 <No output> <No output>
 </​Code>​ </​Code>​
-\\ +=====Remediation===== 
-**Remediation:** \\ +
 Edit or create the file ''/​etc/​modprobe.d/​CIS.conf''​ and add the following line: \\ Edit or create the file ''/​etc/​modprobe.d/​CIS.conf''​ and add the following line: \\
 <​Code:​bash>​ <​Code:​bash>​
-\\ **Impact:** \\  
-FAT filesystems are often used on portable USB sticks and other flash media are commonly used to transfer files between workstations,​ removing VFAT support may prevent the ability to transfer files in this way. 
 install vfat /bin/true install vfat /bin/true
 </​Code>​ </​Code>​
 +=====Impact===== ​
 +FAT filesystems are often used on portable USB sticks and other flash media are commonly used to transfer files between workstations,​ removing VFAT support may prevent the ability to transfer files in this way.