Disable squashfs Filesystem in Linux

This article reviews one of the recommendations compiled by CIS (Center for Internet Security) in its CentOS 7 Linux benchmark, which provides an established standard of guidelines for implementing a secure configuration on a machine or server running CentOS 7 on either 32-bit or 64-bit architecture. The focus here is on disabling the squashfs filesystem.

The purpose of disabling squashfs is to harden the security of the operating system. Wikipedia defines squashfs as follows:

SquashFS is a compressed read-only file system for Linux. SquashFS compresses files, inodes and directories, and supports block sizes up to 1 MB for greater compression. SquashFS is also the name of free software, licensed under the GPL, for accessing SquashFS filesystems.


Disable udf Filesystem in Linux

This is another article reviewing one of the recommendations compiled by CIS (Center for Internet Security) in its CentOS 7 Linux benchmark. The benchmark provides guidelines that establish a standard for secure configuration on servers running CentOS 7 on either x86 or x64 platforms; the recommendation covered here is disabling the udf filesystem.

Disabling udf, which is one of the Linux filesystem types, is expected to add another point of hardening at the operating system level. According to Wikipedia's definition, udf stands for Universal Disk Format (UDF): it is a profile of the specification known as ISO/IEC 13346 and ECMA-167, and is an open vendor-neutral file system for computer data storage for a broad range of media. In practice, it has been most widely used for DVDs and newer optical disc formats, supplanting ISO 9660. The source of this definition can be found in this link, which also gives a more detailed description.

Depending on the version of the operating system, the CentOS Linux distribution can use the recommendation as classified and specified not only in the Guide to the Secure Configuration of Red Hat Enterprise Linux 6, whose full recommendation can be accessed as a webpage in this link, but also in the Guide to the Secure Configuration of Red Hat Enterprise Linux 7, which can be found as a webpage in this link. The PDF version is available for download in this link. The CCE identifier (CCE ID) for Disabling Mounting of udf is CCE-26677-5 in Red Hat Enterprise Linux 6, while the CCE ID for Disabling Mounting of udf is CCE-80143-1 in Red Hat Enterprise Linux 7.


Disable cramfs Filesystem in Linux

This article reviews one of the recommendations compiled by CIS (Center for Internet Security) in its CentOS 7 Linux benchmark. The benchmark provides guidelines that establish a standard for secure configuration on servers running CentOS 7 on either x86 or x64 platforms. For further reference, it can be viewed in the following link. That website is intended for security benchmarking and is supported by an organization called CIS (Center for Internet Security); it can be visited in this link.

The recommendation in this context is disabling cramfs, which is one of the Linux filesystem types. According to Wikipedia's definition, cramfs is the compressed ROM file system, a free (GPL'ed) read-only Linux file system designed for simplicity and space-efficiency. It is mainly used in embedded and small-footprint systems. The information about cramfs can be found in this link.

The recommendation itself corresponds to one of the CCE identifiers specified in the Guide to the Secure Configuration of Red Hat Enterprise Linux 6. The CCE identifier (CCE ID) for Disabling Mounting of cramfs is CCE-26340-0. The full recommendation can be accessed as a webpage in this link. CentOS 7, which is analogous and broadly comparable to Red Hat Enterprise Linux 7, has its own full recommendation, which can be found as a webpage in this link and as a PDF file in this link. The CCE ID for the recommendation on Disabling Mounting of cramfs is CCE-80137-3.
