From 796f45708f1017c1b962c73b70adc6ecff3ad5e7 Mon Sep 17 00:00:00 2001
From: weiEther <11698634+weiether@user.noreply.gitee.com>
Date: Mon, 24 Apr 2023 09:09:43 +0000
Subject: [PATCH 01/11] =?UTF-8?q?=E6=B7=BB=E5=8A=A01.52-ensure-mounting-of?= =?UTF-8?q?-cramfs-filesystems-is-diasbled=E7=9A=84benchmark?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: weiEther <11698634+weiether@user.noreply.gitee.com>
---
 ...nting-of-cramfs-filesystems-is-diasbled.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
diff --git a/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
new file mode 100644
index 0000000..ba7d4e1
--- /dev/null
+++ b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
@@ -0,0 +1,35 @@
+# 1.52 确保已禁用cramfs文件系统的挂载
+## 安全等级
+- Level 1
+## 描述
+cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
+删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
+## 修复建议
+1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
+```bash
+# echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
+# echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
+```
+2. 运行以下命令以卸载cramfs模块:
+```bash
+# modprobe -r cramfs
+```
+## 扫描检测
+运行以下命令并验证输出是否符合预期。
+1. 模块将如何被加载
+```bash
+# modprobe -n -v cramfs | grep "^install"
+install /bin/false
+```
+2. 模块当前是否已加载
+```bash
+# lsmod | grep cramfs
+
+```
+3. 模块是否被列入黑名单
+```bash
+# grep -E "^blacklist\s+cramfs" /etc/modprobe.d/*
+blacklist cramfs
+```
+## 参考
+- cis:
-- Gitee
From 700245a1ce8834431e3ab164245945e333808f4d Mon Sep 17 00:00:00 2001
From: weiEther <11698634+weiether@user.noreply.gitee.com>
Date: Mon, 24 Apr 2023 09:11:23 +0000
Subject: [PATCH 02/11] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20sc?= =?UTF-8?q?anners/access-and-control/1.52-ensure-mounting-of-cramfs-filesy?= =?UTF-8?q?stems-is-diasbled.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...nting-of-cramfs-filesystems-is-diasbled.md | 35 -------------------
 1 file changed, 35 deletions(-)
 delete mode 100644 scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
diff --git a/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
deleted file mode 100644
index ba7d4e1..0000000
--- a/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# 1.52 确保已禁用cramfs文件系统的挂载
-## 安全等级
-- Level 1
-## 描述
-cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
-删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
-## 修复建议
-1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
-```bash
-# echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
-# echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
-```
-2. 运行以下命令以卸载cramfs模块:
-```bash
-# modprobe -r cramfs
-```
-## 扫描检测
-运行以下命令并验证输出是否符合预期。
-1. 模块将如何被加载
-```bash
-# modprobe -n -v cramfs | grep "^install"
-install /bin/false
-```
-2. 模块当前是否已加载
-```bash
-# lsmod | grep cramfs
-
-```
-3. 模块是否被列入黑名单
-```bash
-# grep -E "^blacklist\s+cramfs" /etc/modprobe.d/*
-blacklist cramfs
-```
-## 参考
-- cis:
-- Gitee
From 89fe76a259f21edbe9bb3387d74bf11a11291ded Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 09:51:30 +0000
Subject: [PATCH 03/11] =?UTF-8?q?=E6=B7=BB=E5=8A=A01.52-ensure-mounting-of?= =?UTF-8?q?-cramfs-filesystems-is-diasbled=E7=9A=84benchmark=E3=80=81?= =?UTF-8?q?=E6=89=AB=E6=8F=8F=E3=80=81=E4=BF=AE=E5=A4=8D=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: weiEther
---
 ...nting-of-cramfs-filesystems-is-diasbled.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
diff --git a/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
new file mode 100644
index 0000000..ba7d4e1
--- /dev/null
+++ b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
@@ -0,0 +1,35 @@
+# 1.52 确保已禁用cramfs文件系统的挂载
+## 安全等级
+- Level 1
+## 描述
+cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
+删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
+## 修复建议
+1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
+```bash
+# echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
+# echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
+```
+2. 运行以下命令以卸载cramfs模块:
+```bash
+# modprobe -r cramfs
+```
+## 扫描检测
+运行以下命令并验证输出是否符合预期。
+1. 模块将如何被加载
+```bash
+# modprobe -n -v cramfs | grep "^install"
+install /bin/false
+```
+2. 模块当前是否已加载
+```bash
+# lsmod | grep cramfs
+
+```
+3. 模块是否被列入黑名单
+```bash
+# grep -E "^blacklist\s+cramfs" /etc/modprobe.d/*
+blacklist cramfs
+```
+## 参考
+- cis:
-- Gitee
From e7f699ed80e5e6f16202b3853d56d1d09890def2 Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 09:53:58 +0000
Subject: [PATCH 04/11] =?UTF-8?q?=E6=B7=BB=E5=8A=A01.52-ensure-mounting-of?= =?UTF-8?q?-cramfs-filesystems-is-diasbled=E7=9A=84benchmark=E3=80=81?= =?UTF-8?q?=E6=89=AB=E6=8F=8F=E3=80=81=E4=BF=AE=E5=A4=8D=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: weiEther
---
 ...nting-of-cramfs-filesystems-is-diasbled.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
diff --git a/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
new file mode 100644
index 0000000..ba7d4e1
--- /dev/null
+++ b/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
@@ -0,0 +1,35 @@
+# 1.52 确保已禁用cramfs文件系统的挂载
+## 安全等级
+- Level 1
+## 描述
+cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
+删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
+## 修复建议
+1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
+```bash
+# echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
+# echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
+```
+2. 运行以下命令以卸载cramfs模块:
+```bash
+# modprobe -r cramfs
+```
+## 扫描检测
+运行以下命令并验证输出是否符合预期。
+1. 模块将如何被加载
+```bash
+# modprobe -n -v cramfs | grep "^install"
+install /bin/false
+```
+2. 模块当前是否已加载
+```bash
+# lsmod | grep cramfs
+
+```
+3. 模块是否被列入黑名单
+```bash
+# grep -E "^blacklist\s+cramfs" /etc/modprobe.d/*
+blacklist cramfs
+```
+## 参考
+- cis:
-- Gitee
From 8197589851dc40474bbb99645ae31d4a7d87d183 Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 09:54:24 +0000
Subject: [PATCH 05/11] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20sc?= =?UTF-8?q?anners/access-and-control/1.52-ensure-mounting-of-cramfs-filesy?= =?UTF-8?q?stems-is-diasbled.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...nting-of-cramfs-filesystems-is-diasbled.md | 35 -------------------
 1 file changed, 35 deletions(-)
 delete mode 100644 scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
diff --git a/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
deleted file mode 100644
index ba7d4e1..0000000
--- a/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# 1.52 确保已禁用cramfs文件系统的挂载
-## 安全等级
-- Level 1
-## 描述
-cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
-删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
-## 修复建议
-1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
-```bash
-# echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
-# echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
-```
-2. 运行以下命令以卸载cramfs模块:
-```bash
-# modprobe -r cramfs
-```
-## 扫描检测
-运行以下命令并验证输出是否符合预期。
-1. 模块将如何被加载
-```bash
-# modprobe -n -v cramfs | grep "^install"
-install /bin/false
-```
-2. 模块当前是否已加载
-```bash
-# lsmod | grep cramfs
-
-```
-3. 模块是否被列入黑名单
-```bash
-# grep -E "^blacklist\s+cramfs" /etc/modprobe.d/*
-blacklist cramfs
-```
-## 参考
-- cis:
-- Gitee
From a37ae420d21bc23ac128a27680c03e940c5efb06 Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 09:56:34 +0000
Subject: [PATCH 06/11] =?UTF-8?q?=E6=B7=BB=E5=8A=A01.52-ensure-mounting-of?= =?UTF-8?q?-cramfs-filesystems-is-diasbled=E7=9A=84benchmark=E3=80=81?= =?UTF-8?q?=E6=89=AB=E6=8F=8F=E3=80=81=E4=BF=AE=E5=A4=8D=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: weiEther
---
 ...-ensure-mounting-of-cramfs-filesystems-is-disabled.sh | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
diff --git a/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
new file mode 100644
index 0000000..0b6e13e
--- /dev/null
+++ b/scanners/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
@@ -0,0 +1,9 @@
+result=false
+
+modprobe -n -v cramfs | grep -q "^install" && test -z "$(lsmod | grep -e cramfs)" && grep -E -q "^blacklist[[:blank:]]*cramfs" /etc/modprobe.d/* && result=true
+
+if [ "$result" == true ]; then
+ echo "pass"
+else
+ echo "fail"
+fi
\ No newline at end of file
-- Gitee
From 2b8465925173b85b244cbe7860da3f7f3c182048 Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 09:57:16 +0000
Subject: [PATCH 07/11] =?UTF-8?q?=E6=B7=BB=E5=8A=A01.52-ensure-mounting-of?= =?UTF-8?q?-cramfs-filesystems-is-diasbled=E7=9A=84benchmark=E3=80=81?= =?UTF-8?q?=E6=89=AB=E6=8F=8F=E3=80=81=E4=BF=AE=E5=A4=8D=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: weiEther
---
 .../1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
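Review bot: The first test in the `&&` chain on the third added line of the scanner, `grep -q "^install"`, passes on any `install` directive for cramfs rather than on the `install /bin/false` the benchmark text and the remediation kit expect, so a conf that diverts the module to some other command still prints `pass`; pin it with `grep -q "^install /bin/false"`. The second test, `lsmod | grep -e cramfs`, is a substring match over the whole `lsmod` output and also fires on a module whose name or "Used by" column merely contains `cramfs`; `lsmod | awk '$1 == "cramfs"'` (or `grep -q '^cramfs[[:space:]]'`) restricts it to the module column. `[ "$result" == true ]` is a bash-only comparison and the file has no shebang, so it may error under a POSIX `/bin/sh`; `[ "$result" = true ]` is portable. Note also that the scanner file is named `...-is-disabled.sh` while the benchmark document created in the other patches is `...-is-diasbled.md`, which will make the pair hard to match by name. A one-line header such as `# pass only when cramfs is install-diverted to /bin/false, not currently loaded, and blacklisted in /etc/modprobe.d` would make the three-part condition readable.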
diff --git a/remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh b/remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
new file mode 100644
index 0000000..9b74e2e
--- /dev/null
+++ b/remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
@@ -0,0 +1,3 @@
+echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
+echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
+modprobe -r cramfs
-- Gitee
From 418a915109fb10aff38cafd57cd4a1a81b61e087 Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 10:24:56 +0000
Subject: [PATCH 08/11] update docs/summary-of-rules.md.
Signed-off-by: weiEther
---
 docs/summary-of-rules.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md
index c97f4f0..3f918dc 100644
--- a/docs/summary-of-rules.md
+++ b/docs/summary-of-rules.md
@@ -51,6 +51,7 @@
 | 1.49 | 1.49-lock-or-delete-the-shutdown-and-halt-users.md | 1.49 锁定或删除shutdown、halt用户 | benchmarks/access-and-control | 1 |
 | 1.50 | 1.50-ensure-ssh-x11-forwarding-is-disabled.md | 1.50 确保SSH X11转发功能被禁用 | benchmarks/access-and-control | 1 |
 | 1.51 | 1.51-ensure-mounting-of-udf-filesystems-is-disabled.md | 1.51 确保udf文件系统的挂载被禁用 | benchmarks/access-and-control | 1 |
+| 1.52 | 1.52-ensure-mounting-of-cramfs-filesystems-is-disabled | 1.52 确保cramfs文件系统的挂载被禁用 | benchmarks/access-and-control | 1 |
 | 2.1 | 2.1-ensure-audit-log-files-are-not-read-or-write-accessible-by-unauthorized-users.md | 2.1 确保审计日志的文件权限被正确配置 | benchmarks/logging-and-auditing | 1 |
 | 2.2 | 2.2-ensure-only-authorized-users-own-audit-log-files.md | 2.2 确保审计日志文件的所有者为已授权用户 | benchmarks/logging-and-auditing | 1 |
 | 2.3 | 2.3-ensure-only-authorized-groups-ownership-of-audit-log-files.md | 2.3 确保审计日志文件的所属组为已授权的用户组 | benchmarks/logging-and-auditing | 1 |
-- Gitee
From 09983c3854a0849275b3c21836095c68bd2c6ce0 Mon Sep 17 00:00:00 2001
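Review bot: The two `>>` appends on the first and second added lines of the remediation kit are not idempotent: every run adds another `install cramfs /bin/false` and `blacklist cramfs` line to `/etc/modprobe.d/cramfs.conf`, and a failed write (for example when the kit is not run as root) is silently ignored because nothing checks the redirection and no `set -e` is in place. Guard each append with an exact-line check, e.g. `grep -qxF "install cramfs /bin/false" /etc/modprobe.d/cramfs.conf 2>/dev/null || echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf`, and the same for the blacklist line. `modprobe -r cramfs` on the last line returns non-zero when the module is not loaded or not present on the host, and that becomes the kit's exit status even though the resulting state is compliant; unload only when `lsmod` shows the module, or document that a non-zero exit here is expected. A shebang plus `set -eu` at the top, and a header comment such as `# Remediation for 1.52: divert cramfs to /bin/false, blacklist it, then unload it if loaded`, would tie the kit to the benchmark and stop it on write failures.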
From: weiEther
Date: Mon, 24 Apr 2023 10:27:21 +0000
Subject: [PATCH 09/11] update benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md.
Signed-off-by: weiEther
---
 ...ure-mounting-of-cramfs-filesystems-is-diasbled.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
index ba7d4e1..f5f300b 100644
--- a/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
+++ b/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
@@ -1,10 +1,10 @@
-# 1.52 确保已禁用cramfs文件系统的挂载
-## 安全等级
-- Level 1
-## 描述
+# 1.52 确保已禁用cramfs文件系统的挂载
+## 安全等级
+- Level 1
+## 描述
 cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
-删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
-## 修复建议
+删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
+## 修复建议
 1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
 ```bash
 # echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
-- Gitee
From 3efeef7ed31ffce40f70927d0925e540771553e7 Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 10:32:42 +0000
Subject: [PATCH 10/11] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20be?= =?UTF-8?q?nchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-file?= =?UTF-8?q?systems-is-diasbled.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...nting-of-cramfs-filesystems-is-diasbled.md | 35 -------------------
 1 file changed, 35 deletions(-)
 delete mode 100644 benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
diff --git a/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
deleted file mode 100644
index f5f300b..0000000
--- a/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# 1.52 确保已禁用cramfs文件系统的挂载
-## 安全等级
-- Level 1
-## 描述
-cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
-删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
-## 修复建议
-1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
-```bash
-# echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
-# echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
-```
-2. 运行以下命令以卸载cramfs模块:
-```bash
-# modprobe -r cramfs
-```
-## 扫描检测
-运行以下命令并验证输出是否符合预期。
-1. 模块将如何被加载
-```bash
-# modprobe -n -v cramfs | grep "^install"
-install /bin/false
-```
-2. 模块当前是否已加载
-```bash
-# lsmod | grep cramfs
-
-```
-3. 模块是否被列入黑名单
-```bash
-# grep -E "^blacklist\s+cramfs" /etc/modprobe.d/*
-blacklist cramfs
-```
-## 参考
-- cis:
-- Gitee
From dfab4a7732f408107fc6c0893e9f77e136c2a925 Mon Sep 17 00:00:00 2001
From: weiEther
Date: Mon, 24 Apr 2023 10:33:17 +0000
Subject: [PATCH 11/11] =?UTF-8?q?=E6=B7=BB=E5=8A=A01.52-ensure-mounting-of?= =?UTF-8?q?-cramfs-filesystems-is-diasbled=E7=9A=84benchmark=E3=80=81?= =?UTF-8?q?=E6=89=AB=E6=8F=8F=E3=80=81=E4=BF=AE=E5=A4=8D=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: weiEther
---
 ...nting-of-cramfs-filesystems-is-diasbled.md | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
diff --git a/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md b/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
new file mode 100644
index 0000000..45d45f1
--- /dev/null
+++ b/benchmarks/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-diasbled.md
@@ -0,0 +1,57 @@
+# 1.52 确保已禁用cramfs文件系统的挂载
+
+## 安全等级
+
+- Level 1
+
+## 描述
+
+cramfs文件系统是压缩的只读Linux文件系统,用于嵌入式系统。cramfs映像可以在不必先解压映像的情况下使用。
+
+删除不需要的文件系统类型的支持可以减少系统本地攻击面。如果不需要这种文件系统类型,请禁用它。
+
+## 修复建议
+
+目标:确保cramfs文件系统的挂载被禁用。
+
+1. 执行以下命令,在/etc/modprobe.d/目录中编辑或创建一个以.conf结尾的文件,并添加配置。
+
+```bash
+# echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
+# echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
+```
+
+2. 运行以下命令以卸载cramfs模块:
+
+```bash
+# modprobe -r cramfs
+```
+
+## 扫描检测
+
+运行以下命令并验证输出是否符合预期。
+
+1. 模块将如何被加载
+
+```bash
+# modprobe -n -v cramfs | grep "^install"
+install /bin/false
+```
+
+2. 模块当前是否已加载
+
+```bash
+# lsmod | grep cramfs
+
+```
+
+3. 模块是否被列入黑名单
+
+```bash
+# grep -E "^blacklist\s+cramfs" /etc/modprobe.d/*
+blacklist cramfs
+```
+
+## 参考
+
+- cis:
-- Gitee