1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
documentation_complete: true
title: 'Disable Mounting of cramfs'
description: |-
{{{ describe_module_disable(module="cramfs") }}}
This effectively prevents usage of this uncommon filesystem.
The <tt>cramfs</tt> filesystem type is a compressed read-only
Linux filesystem embedded in small footprint systems. A
<tt>cramfs</tt> image can be used without having to first
decompress the image.
rationale: |-
Removing support for unneeded filesystem types reduces the local attack surface
of the server.
severity: low
platform: system_with_kernel
identifiers:
cce@rhcos4: CCE-82514-1
cce@rhel8: CCE-81031-7
cce@rhel9: CCE-83853-2
cce@rhel10: CCE-90005-0
cce@sle12: CCE-92297-1
cce@sle15: CCE-92451-4
cce@slmicro5: CCE-93948-8
references:
cis-csc: 11,14,3,9
cis@sle12: 1.1.1.1
cis@sle15: 1.1.1.1
cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
cui: 3.4.6
isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040025
{{{ complete_ocil_entry_module_disable(module="cramfs") }}}
fixtext: '{{{ fixtext_kernel_module_disabled("cramfs") }}}'
srg_requirement: '{{{ srg_requirement_kernel_module_disable("cramfs") }}}'
template:
name: kernel_module_disabled
vars:
kernmodule: cramfs
|
