Details
The `cramfs` filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A `cramfs` image can be used without having to first decompress the image.
Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem type is not needed, disable it.
Solution
Edit or create the file `/etc/modprobe.d/CIS.conf` and add the following line:
“`
install cramfs /bin/true
“`
Run the following command to unload the `cramfs` module:
“`
# rmmod cramfs
“`
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.