Back

Configure the "Support for squashfs filesystems" setting to organizational standards.


CONTROL ID
08770
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Red Hat Enterprise Linux to Organizational Standards., CC ID: 08713

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Title: Disable Mounting of squashfs Filesystems Description: The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A squashfs image can be used without having to first decompress the image. Rationale: Removing support for… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.23_Disable_Mounting_of_squashfs_Filesystems Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.23.1_, The Center for Internet Security CentOS 6 Level 2 Benchmark, 1.0.0)
  • Title: Disable Mounting of squashfs Filesystems Description: The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A squashfs image can be used without having to first decompress the image. Rationale: Removing support for… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.23_Disable_Mounting_of_squashfs_Filesystems Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.23.2_, The Center for Internet Security CentOS 6 Level 2 Benchmark, 1.0.0)
  • Title: Disable Mounting of squashfs Filesystems Description: The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A squashfs image can be used without having to first decompress the image. Rationale: Removing support f… (Rule:xccdf_org.cisecurity.benchmarks_rule_1.1.23_Disable_Mounting_of_squashfs_Filesystems Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_1.1.23.1_, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Title: Disable Mounting of squashfs Filesystems Description: The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A squashfs image can be used without having to first decompress the image. Rationale: Removing support f… (Rule:xccdf_org.cisecurity.benchmarks_rule_1.1.23_Disable_Mounting_of_squashfs_Filesystems Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_1.1.23.2_, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Title: Disable Mounting of squashfs Filesystems Description: The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A squashfs image can be used without having to first decompress the image. Rationale: Removing sup… (Rule: xccdf_org.cisecurity.benchmarks_rule_2.23_Disable_Mounting_of_squashfs_Filesystems Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_2.23.1_, The Center for Internet Security Ubuntu 12.04 LTS Level 2 Benchmark, v1.0.0)
  • Title: Disable Mounting of squashfs Filesystems Description: The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A squashfs image can be used without having to first decompress the image. Rationale: Removing sup… (Rule: xccdf_org.cisecurity.benchmarks_rule_2.23_Disable_Mounting_of_squashfs_Filesystems Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_2.23.2_, The Center for Internet Security Ubuntu 12.04 LTS Level 2 Benchmark, v1.0.0)
  • Ensure mounting of squashfs filesystems is disabled Description: The `squashfs` filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to `cramfs` ). A `squashfs` image can be used without having to first decompress the image. Rationale: Removing supp… (1.1.1.3, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure mounting of squashfs filesystems is disabled Description: The `squashfs` filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to `cramfs` ). A `squashfs` image can be used without having to first decompress the image. Rationale: Removing supp… (1.1.1.3, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • Support for squashfs filesystems should be enabeld or disabled as appropriate. Technical Mechanisms: (1) via /etc/modprobe.conf (2) via configuration file in /etc/modprobe.d (3) via MODPROBE_OPTIONS environment variable Parameters: enabled / disabled References: Section: 2.2.2.5 - Disa… (CCE-14118-4, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)