Disable kernel debugfs

An XCCDF Rule

Details
Profiles
Prose

Description

debugfs is a virtual file system that kernel developers use to put debugging files into. Enable this option to be able to read and write to these files. The configuration that was used to build kernel is available at /boot/config-*. To check the configuration value for CONFIG_DEBUG_FS, run the following command: grep CONFIG_DEBUG_FS /boot/config-* Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.

warning alert: Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.

Rationale

To reduce the attack surface, this file system should be disabled if not in use.

ID: xccdf_org.ssgproject.content_rule_kernel_config_debug_fs
Severity: Low
References: BP28(R15)
Updated: about 1 year ago