AlmaLinux OS 9 must disable mounting of cramfs.
An XCCDF Rule
Description
Removing support for unneeded filesystem types reduces the local attack surface of the server. Compressed ROM/RAM file system (or cramfs) is a read-only file system designed for simplicity and space-efficiency. It is mainly used in embedded and small-footprint systems.
- ID
- SV-269344r1050226_rule
- Version
- ALMA-09-029940
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
To configure the system to prevent the cramfs kernel module from being loaded, create a *.conf file in /etc/modprobe.d/ with the following content:
install cramfs /bin/false
blacklist cramfs