metadata/service/system/cis/cis-1-1-1-3.yml - salt-formulas/linux - Gitiles

 # 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
 #
 # Description
 # ===========
 # The jffs2 (journaling flash filesystem 2) filesystem type is a
 # log-structured filesystem used in flash memory devices.
 #
 # Rationale
 # =========
 # Removing support for unneeded filesystem types reduces the local attack
 # surface of the system. If this filesystem type is not needed, disable it.
 #
 # Audit
 # =====
 # Run the following commands and verify the output is as indicated:
 #
 #   # modprobe -n -v jffs2
 #   install /bin/true
 #   # lsmod | grep jffs2
 #   <No output>
 #
 # Remediation
 # ===========
 # Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:
 #
 #   install jffs2 /bin/true
 #
 parameters:
   linux:
     system:
       kernel:
         module:
           jffs2:
             install:
               command: /bin/true
	# 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
	#
	# Description
	# ===========
	# The jffs2 (journaling flash filesystem 2) filesystem type is a
	# log-structured filesystem used in flash memory devices.
	#
	# Rationale
	# =========
	# Removing support for unneeded filesystem types reduces the local attack
	# surface of the system. If this filesystem type is not needed, disable it.
	#
	# Audit
	# =====
	# Run the following commands and verify the output is as indicated:
	#
	# # modprobe -n -v jffs2
	# install /bin/true
	# # lsmod \| grep jffs2
	# <No output>
	#
	# Remediation
	# ===========
	# Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:
	#
	# install jffs2 /bin/true
	#
	parameters:
	linux:
	system:
	kernel:
	module:
	jffs2:
	install:
	command: /bin/true