From 9e40ff055195b1e8637d1e957c3f8db01f99bbc1 Mon Sep 17 00:00:00 2001 From: Raja Grewal Date: Mon, 15 Jul 2024 20:54:18 +1000 Subject: [PATCH] Disable more network file systems --- etc/modprobe.d/30_security-misc_disable.conf | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/etc/modprobe.d/30_security-misc_disable.conf b/etc/modprobe.d/30_security-misc_disable.conf index 40bcf7f..423aced 100644 --- a/etc/modprobe.d/30_security-misc_disable.conf +++ b/etc/modprobe.d/30_security-misc_disable.conf @@ -91,10 +91,23 @@ install mei-me /usr/bin/disabled-intelme-by-security-misc ## Network File Systems: ## Disable uncommon network file systems to reduce attack surface. ## -install cifs /usr/bin/disabled-netfilesys-by-security-misc install gfs2 /usr/bin/disabled-netfilesys-by-security-misc install ksmbd /usr/bin/disabled-netfilesys-by-security-misc +## +## Common Internet File System (CIFS): +## +install cifs /usr/bin/disabled-netfilesys-by-security-misc +install cifs_arc4 /usr/bin/disabled-netfilesys-by-security-misc +install cifs_md4 /usr/bin/disabled-netfilesys-by-security-misc +## +## Network File System (NFS): +## install nfs /usr/bin/disabled-netfilesys-by-security-misc +install nfs_acl /usr/bin/disabled-netfilesys-by-security-misc +install nfs_layout_nfsv41_files /usr/bin/disabled-netfilesys-by-security-misc +install nfs_layout_flexfiles /usr/bin/disabled-netfilesys-by-security-misc +install nfsd /usr/bin/disabled-netfilesys-by-security-misc +install nfsv2 /usr/bin/disabled-netfilesys-by-security-misc install nfsv3 /usr/bin/disabled-netfilesys-by-security-misc install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc