Disable Mounting of jffs2

Docs > Datadog Security > OOTB Rules > Disable Mounting of jffs2

Classification:

compliance

Framework:

Control:

Description

To configure the system to prevent the jffs2 kernel module from being loaded, add the following line to the file /etc/modprobe.d/jffs2.conf:

install jffs2 /bin/true

This effectively prevents usage of this uncommon filesystem.

Rationale

Linux kernel modules which implement filesystems that are not needed by the local system should be disabled.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if LC\_ALL=C grep -q -m 1 "^install jffs2" /etc/modprobe.d/jffs2.conf ; then
 
 sed -i 's#^install jffs2.\*#install jffs2 /bin/true#g' /etc/modprobe.d/jffs2.conf
else
 echo -e "\n# Disable per security requirements" >> /etc/modprobe.d/jffs2.conf
 echo "install jffs2 /bin/true" >> /etc/modprobe.d/jffs2.conf
fi

else
 >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Ensure kernel module 'jffs2' is disabled
 lineinfile:
 create: true
 dest: /etc/modprobe.d/jffs2.conf
 regexp: install\s+jffs2
 line: install jffs2 /bin/true
 when: ansible\_virtualization\_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - NIST-800-171-3.4.6
 - NIST-800-53-CM-6(a)
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - disable\_strategy
 - kernel\_module\_jffs2\_disabled
 - low\_complexity
 - low\_severity
 - medium\_disruption
 - reboot\_required