{"description": "\nTo configure the system to prevent the <code>overlayfs</code>\nkernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/overlayfs.conf</code>:\n<pre>install overlayfs /bin/false</pre>\nThis entry will cause a non-zero return value during an <code>overlayfs</code> module installation\nand additionally convey the meaning of the entry to the user in the form of an error message.\nIf you would like to omit a non-zero return value and an error message, you may want to add a different line instead\n(both <code>/bin/true</code> and <code>/bin/false</code> are allowed by OVAL and will be accepted by the scan):\n<pre>install overlayfs /bin/true</pre>\n\noverlayfs is a Linux filesystem that layers multiple filesystems to create a single\nunified view, which allows a user to \"merge\" several mount points into a unified\nfilesystem.", "rationale": "The overlayfs module has known CVEs. Disabling overlayfs reduces the local attack \nsurface by removing support for unnecessary filesystem types and mitigates potential\nrisks associated with unauthorized execution of setuid files, enhancing the overall\nsystem security.", "severity": "low", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure overlayfs kernel module is not available", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/mounting/kernel_module_overlayfs_disabled/rule.yml", "template": {"name": "kernel_module_disabled", "vars": 
{"kernmodule": "overlayfs"}, "backends": {}}}