Disable Mounting of jffs2
An XCCDF Rule
Description
To configure the system to prevent the jffs2 kernel module from being loaded, add the following line to the file /etc/modprobe.d/jffs2.conf:
install jffs2 /bin/true
This effectively prevents usage of this uncommon filesystem.
Rationale
Linux kernel modules which implement filesystems that are not needed by the local system should be disabled.
- ID: xccdf_org.ssgproject.content_rule_kernel_module_jffs2_disabled
- Severity: Low
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    if LC_ALL=C grep -q -m 1 "^install jffs2" /etc/modprobe.d/jffs2.conf ; then
        sed -i 's#^install jffs2.*#install jffs2 /bin/true#g' /etc/modprobe.d/jffs2.conf
    else
        echo "install jffs2 /bin/true" >> /etc/modprobe.d/jffs2.conf
    fi
fi
Remediation - Ansible
- name: Ensure kernel module 'jffs2' is disabled
  lineinfile:
    create: true
    dest: /etc/modprobe.d/jffs2.conf
    regexp: install\s+jffs2
    line: install jffs2 /bin/false
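An audit counterpart to the remediations above, as an added example that is not part of the rule's own content: it checks that an active install override for jffs2 exists and that the module is not already loaded. The function names and the optional directory and module-list arguments are assumptions made for this example; /bin/true and /bin/false are both accepted because the two remediations on this page use one each.

```shell
#!/bin/sh
# Added example: verify the state the remediations on this page aim for.
# Function names and optional path arguments are hypothetical helpers.

# install_override_present MODULE DIR
# Returns 0 if any *.conf file in DIR has an active (uncommented) line
# "install MODULE /bin/true" or "install MODULE /bin/false".
install_override_present() {
    for conf in "$2"/*.conf; do
        [ -f "$conf" ] || continue   # also skips an unmatched glob
        if LC_ALL=C grep -Eq \
            "^[[:space:]]*install[[:space:]]+${1}[[:space:]]+/bin/(true|false)[[:space:]]*\$" \
            "$conf"; then
            return 0
        fi
    done
    return 1
}

# module_loaded MODULE MODULES_FILE
# Returns 0 if MODULE is listed in a /proc/modules-style file.
module_loaded() {
    LC_ALL=C grep -q "^${1} " "$2" 2>/dev/null
}

# audit_module MODULE [CONF_DIR] [MODULES_FILE]
# Prints findings and returns 0 only if the override exists and the
# module is not currently loaded.
audit_module() {
    mod=$1
    conf_dir=${2:-/etc/modprobe.d}
    modules_file=${3:-/proc/modules}
    rc=0
    if install_override_present "$mod" "$conf_dir"; then
        echo "PASS: install override for $mod found in $conf_dir"
    else
        echo "FAIL: no active 'install $mod /bin/true|/bin/false' in $conf_dir/*.conf"
        rc=1
    fi
    # The override only affects later modprobe calls; a module that is
    # already loaded stays loaded until it is removed or the system reboots.
    if module_loaded "$mod" "$modules_file"; then
        echo "FAIL: $mod is currently loaded"
        rc=1
    fi
    return $rc
}

# Usage on a live system: audit_module jffs2
```

A commented-out line such as `# install jffs2 /bin/true` is reported as a failure, since modprobe ignores it.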