Details

The FAT filesystem format is primarily used on older windows systems and portable USB

drives or flash modules. It comes in three types FAT12 , FAT16 , and FAT32 all of which are

supported by the vfat kernel module.

Rationale:

Removing support for unneeded filesystem types reduces the local attack surface of the

system. If this filesystem type is not needed, disable it.

Solution

Edit or create a file in the /etc/modprobe.d/ directory ending in .conf
Example: vim /etc/modprobe.d/vfat.conf

install vfat /bin/true

Run the following command to unload the vfat module:

# rmmod vfat

Impact:

The FAT filesystem format is used by UEFI systems for the EFI boot partition. Disabling the
vfat module can prevent boot on UEFI systems.

FAT filesystems are often used on portable USB sticks and other flash media which are
commonly used to transfer files between workstations, removing VFAT support may
prevent the ability to transfer files in this way.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2420https://workbench.cisecurity.org/files/2420

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6
• CSCv6|13
• CSCv7|5.1

Source

• Tenable.com/audits