Profile Applicability:
• Level 1
Description:
The jffs2 kernel module provides support for the Journaling Flash File System version 2 (JFFS2), used mainly on flash devices in embedded systems. This module is typically unnecessary on most standard Linux servers.
Rationale:
Disabling the jffs2 kernel module when it is not needed reduces the kernel attack surface by eliminating unneeded filesystem support and potential exploitation paths.
Impact:
Pros:
Reduces kernel attack surface by disabling unused filesystem modules.
Prevents potential exploits related to jffs2 filesystem handling.
Cons:
Systems that require jffs2 will be unable to mount such filesystems if the module is disabled.
Default Value:
The jffs2 kernel module may be enabled or available by default on some Linux distributions.
Pre-requisites:
Root or sudo privileges to modify kernel module settings.
Access to /etc/modprobe.d/ for blacklist or disable configurations.
Remediation:
Test Plan:
Using Linux command line:
Check if the jffs2 module is loaded:
lsmod | grep jffs2
Verify blacklist or disable entries:
grep -r jffs2 /etc/modprobe.d/
Test module load behavior:
modprobe -n -v jffs2
Expected output should indicate the module is disabled, e.g., install /bin/false.
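The three checks above can be combined into one pass/fail audit. The following is an added example, not part of the benchmark text: the function name audit_module and its optional path arguments are assumptions of this example, and it inspects only /etc/modprobe.d, the directory named on this page.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit a kernel module against the
# three Test Plan checks. The path arguments are hypothetical conveniences so
# the same logic can be run against fixture files as well as a live host.
#
# audit_module NAME [CONF_DIR] [PROC_MODULES]
#   Prints one PASS/FAIL line per check; returns 0 only if all checks pass.
audit_module() {
    am_mod=$1
    am_dir=${2:-/etc/modprobe.d}
    am_proc=${3:-/proc/modules}
    am_rc=0
    am_ws='[[:space:]]'

    # Check 1: module must not be loaded. /proc/modules (the source lsmod
    # reads) lists one loaded module per line, with the name in column one.
    if grep -q "^${am_mod} " "$am_proc" 2>/dev/null; then
        echo "FAIL: ${am_mod} is currently loaded"
        am_rc=1
    else
        echo "PASS: ${am_mod} is not loaded"
    fi

    # Check 2: an active (uncommented) install line must map the module to
    # /bin/false, so an explicit or automatic load request fails.
    if grep -Eqs "^${am_ws}*install${am_ws}+${am_mod}${am_ws}+/bin/false(${am_ws}|\$)" \
        "$am_dir"/*.conf; then
        echo "PASS: install ${am_mod} /bin/false is configured"
    else
        echo "FAIL: no active 'install ${am_mod} /bin/false' in ${am_dir}"
        am_rc=1
    fi

    # Check 3: an active blacklist line must be present as well.
    if grep -Eqs "^${am_ws}*blacklist${am_ws}+${am_mod}(${am_ws}|\$)" \
        "$am_dir"/*.conf; then
        echo "PASS: blacklist ${am_mod} is configured"
    else
        echo "FAIL: no active 'blacklist ${am_mod}' in ${am_dir}"
        am_rc=1
    fi

    return "$am_rc"
}

# Usage on a live host (as root or any user able to read the files):
#   audit_module jffs2
```

A commented-out entry such as "# install jffs2 /bin/false" is reported as a failure, which a plain grep -r jffs2 would not distinguish from an active one.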
Implementation Plan:
Using Linux command line:
Create or edit /etc/modprobe.d/jffs2.conf:
echo "install jffs2 /bin/false" > /etc/modprobe.d/jffs2.conf
echo "blacklist jffs2" >> /etc/modprobe.d/jffs2.conf
Unload the module if currently loaded:
modprobe -r jffs2
Reboot the system or reload module configurations.
Backout Plan:
Using Linux command line:
Remove blacklist and disable entries:
sed -i '/jffs2/d' /etc/modprobe.d/jffs2.conf
Optionally reload the module:
modprobe jffs2
Reboot the system.
References:
CIS Amazon Linux 2 Benchmark v3.0.0