1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.

Rationale:

Removing support for unneeded filesystem types reduces the local attack surface of the system. If this filesystem type is not needed, disable it.

Solution

Edit or create a file in the /etc/modprobe.d/ directory ending in .conf with a line that reads install cramfs /bin/false and a line the reads blacklist cramfs.
Example:

# printf 'install cramfs /bin/false
blacklist cramfs
' >> /etc/modprobe.d/cramfs.conf

Run the following command to unload the cramfs module:

# modprobe -r cramfs

Additional Information:

NIST SP 800-53 Rev. 5:

CM-7

See Also

https://workbench.cisecurity.org/files/3939