Отключите монтирование некоторых файловых систем
Я выполнил lynis на своем госте LTS Ubuntu 16.04.2. Я решал вопросы, но после большого поиска (включая на этом сайте) я, может казаться, не нахожу предложение для разрешения этих потерь точки. Любые указатели больше всего ценились бы.
Performing test ID FILE-6430 (Disable mounting of some filesystems)
Result: found module support in kernel: insmod /lib/modules/4.4.0-81-generic/kernel/fs/cramfs/cramfs.ko
Test: Checking if cramfs is active
Result: module cramfs is not loaded in the kernel
Hardening: assigned partial number of hardening points (2 of 3). Currently having 80 points (out of 87)
Result: found module support in kernel: insmod /lib/modules/4.4.0-81-generic/kernel/fs/freevxfs/freevxfs.ko
Test: Checking if freevxfs is active
Result: module freevxfs is not loaded in the kernel
Hardening: assigned partial number of hardening points (2 of 3). Currently having 82 points (out of 90)
Result: found module support in kernel: insmod /lib/modules/4.4.0-81-generic/kernel/fs/hfs/hfs.ko
Test: Checking if hfs is active
Result: module hfs is not loaded in the kernel
Hardening: assigned partial number of hardening points (2 of 3). Currently having 84 points (out of 93)
Result: found module support in kernel: insmod /lib/modules/4.4.0-81-generic/kernel/fs/hfsplus/hfsplus.ko
Test: Checking if hfsplus is active
Result: module hfsplus is not loaded in the kernel
Hardening: assigned partial number of hardening points (2 of 3). Currently having 86 points (out of 96)
Result: found module support in kernel: insmod /lib/modules/4.4.0-81-generic/kernel/fs/jffs2/jffs2.ko
Test: Checking if jffs2 is active
Result: module jffs2 is not loaded in the kernel
Hardening: assigned partial number of hardening points (2 of 3). Currently having 88 points (out of 99)
Hardening: assigned maximum number of hardening points for this item (3). Currently having 91 points (out of 102)
Result: found module support in kernel: insmod /lib/modules/4.4.0-81-generic/kernel/fs/udf/udf.ko
Test: Checking if udf is active
Result: module udf is not loaded in the kernel
Hardening: assigned partial number of hardening points (2 of 3). Currently having 93 points (out of 105)
Checking permissions of /usr/share/lynis/include/tests_storage
File permissions are OK
0
задан MikeJRamsey56
26 June 2017 в 13:20
поделиться
1 ответ
Я нашел ответ. Отредактируйте файл
/etc/modprobe.d/blacklist.conf
и добавьте в конец следующее
# instruct modprobe to force inactive modules to always fail loading
install cramfs /bin/false
install freevxfs /bin/false
install hfs /bin/false
install hfsplus /bin/false
install jffs2 /bin/false
install udf /bin/false
1
ответ дан MikeJRamsey56
3 November 2019 в 01:06
поделиться