In this series of articles, we will examine the mentioned cases for securing Linux servers based on the cis standard. A number of file systems that are unusual for use are supported in Linux, which need to be disabled in order to secure the server. Common and common file systems are used in such a way that they meet our expectations of the file system and its security, and as a result, there is no need for external file systems except in special cases that need to be used with caution. One of these file systems is cramfs, the use of which is that photos can be used without needing to be decompressed. This will lower the attack vector. To check, first enter the following command:
lsmod | grep cramfsthen :
modprobe -n -v cramfsThen, based on the output of the above two commands that check the service loading status in the kernel, we create a file with the following command in the path mentioned:
vim /etc/modprobe.d/cramfs.confWe put the content of the file:
install cramfs /bin/trueThen save the file and disable the module with the following command:
rmmod cramfs