Skip to content

Disable Mounting of vFAT filesystems

An XCCDF Rule

Description

To configure the system to prevent the vfat kernel module from being loaded, add the following line to the file /etc/modprobe.d/vfat.conf:

install vfat /bin/true
To configure the system to prevent the vfat from being used, add the following line to file /etc/modprobe.d/vfat.conf:
blacklist vfat
This effectively prevents usage of this uncommon filesystem. The vFAT filesystem format is primarily used on older windows systems and portable USB drives or flash modules. It comes in three types FAT12, FAT16, and FAT32 all of which are supported by the vfat kernel module.

Rationale

Removing support for unneeded filesystems reduces the local attack surface of the system.

ID
xccdf_org.ssgproject.content_rule_kernel_module_vfat_disabled
Severity
Low
References
Updated



Remediation - Kubernetes Patch

---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:

Remediation - Ansible

- name: Ensure kernel module 'vfat' is disabled
  lineinfile:
    create: true
    dest: /etc/modprobe.d/vfat.conf
    regexp: install\s+vfat
    line: install vfat /bin/false

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if LC_ALL=C grep -q -m 1 "^install vfat" /etc/modprobe.d/vfat.conf ; then
	
	sed -i 's#^install vfat.*#install vfat /bin/true#g' /etc/modprobe.d/vfat.conf