|
 |
a297d8 |
From eea787e1453b19aa949903c39189479538fbbab9 Mon Sep 17 00:00:00 2001
|
|
|
a297d8 |
From: Vojtech Polasek <vpolasek@redhat.com>
|
|
|
a297d8 |
Date: Fri, 12 Feb 2021 10:36:10 +0100
|
|
|
a297d8 |
Subject: [PATCH] remove mrules disabling vfat file systems from cis profiles
|
|
|
a297d8 |
|
|
|
a297d8 |
---
|
|
|
a297d8 |
rhcos4/profiles/moderate.profile | 1 -
|
|
|
a297d8 |
rhel7/profiles/cis.profile | 3 +--
|
|
|
a297d8 |
rhel8/profiles/cis.profile | 4 ++--
|
|
|
a297d8 |
sle15/profiles/cis.profile | 1 -
|
|
|
a297d8 |
4 files changed, 3 insertions(+), 6 deletions(-)
|
|
|
a297d8 |
|
|
|
a297d8 |
diff --git a/rhcos4/profiles/moderate.profile b/rhcos4/profiles/moderate.profile
|
|
|
a297d8 |
index 4e715cae9a..966e092c97 100644
|
|
|
a297d8 |
--- a/rhcos4/profiles/moderate.profile
|
|
|
a297d8 |
+++ b/rhcos4/profiles/moderate.profile
|
|
|
a297d8 |
@@ -627,4 +627,3 @@ selections:
|
|
|
a297d8 |
- kernel_module_squashfs_disabled
|
|
|
a297d8 |
- kernel_module_udf_disabled
|
|
|
a297d8 |
- kernel_module_usb-storage_disabled
|
|
|
a297d8 |
- - kernel_module_vfat_disabled
|
|
|
a297d8 |
diff --git a/rhel7/profiles/cis.profile b/rhel7/profiles/cis.profile
|
|
|
a297d8 |
index 22d5117546..093d2b5759 100644
|
|
|
a297d8 |
--- a/rhel7/profiles/cis.profile
|
|
|
a297d8 |
+++ b/rhel7/profiles/cis.profile
|
|
|
a297d8 |
@@ -46,8 +46,7 @@ selections:
|
|
|
a297d8 |
#### 1.1.1.7 Ensure mounting of udf filesystems is disabled (Scored)
|
|
|
a297d8 |
- kernel_module_udf_disabled
|
|
|
a297d8 |
|
|
|
a297d8 |
- #### 1.1.1.8 Ensure mounting of FAT filesystems is disabled (Scored)
|
|
|
a297d8 |
- - kernel_module_vfat_disabled
|
|
|
a297d8 |
+ #### 1.1.1.8 Ensure mounting of FAT filesystems is disabled (Manual)
|
|
|
a297d8 |
|
|
|
a297d8 |
### 1.1.2 Ensure separate partition exists for /tmp (Scored)
|
|
|
a297d8 |
- partition_for_tmp
|
|
|
a297d8 |
diff --git a/rhel8/profiles/cis.profile b/rhel8/profiles/cis.profile
|
|
|
a297d8 |
index 9ceeb74f9a..e96d2fbb9d 100644
|
|
|
a297d8 |
--- a/rhel8/profiles/cis.profile
|
|
|
a297d8 |
+++ b/rhel8/profiles/cis.profile
|
|
|
a297d8 |
@@ -31,8 +31,8 @@ selections:
|
|
|
a297d8 |
#### 1.1.1.1 Ensure mounting cramfs filesystems is disabled (Scored)
|
|
|
a297d8 |
- kernel_module_cramfs_disabled
|
|
|
a297d8 |
|
|
|
a297d8 |
- #### 1.1.1.2 Ensure mounting of vFAT flesystems is limited (Not Scored)
|
|
|
a297d8 |
- - kernel_module_vfat_disabled
|
|
|
a297d8 |
+ #### 1.1.1.2 Ensure mounting of vFAT filesystems is limited (Not Scored)
|
|
|
a297d8 |
+
|
|
|
a297d8 |
|
|
|
a297d8 |
#### 1.1.1.3 Ensure mounting of squashfs filesystems is disabled (Scored)
|
|
|
a297d8 |
- kernel_module_squashfs_disabled
|
|
|
a297d8 |
diff --git a/sle15/profiles/cis.profile b/sle15/profiles/cis.profile
|
|
|
a297d8 |
index 9a0efedbdd..fa9ff3b775 100644
|
|
|
a297d8 |
--- a/sle15/profiles/cis.profile
|
|
|
a297d8 |
+++ b/sle15/profiles/cis.profile
|
|
|
a297d8 |
@@ -25,7 +25,6 @@ selections:
|
|
|
a297d8 |
- kernel_module_udf_disabled
|
|
|
a297d8 |
|
|
|
a297d8 |
#### 1.1.1.4 Ensure mounting of vFAT flesystems is limited (Not Scored)
|
|
|
a297d8 |
- - kernel_module_vfat_disabled
|
|
|
a297d8 |
|
|
|
a297d8 |
### 1.1.2 Ensure /tmp is configured (Scored)
|
|
|
a297d8 |
- partition_for_tmp
|