Title

The ext3 filesystem type must be used for the primary Linux file system partitions. (Cat II impact)

Discussion

The ext3 type is most suitable for securing a Linux installation. It also offers the immutable and append only file attributes which are most useful in protecting system logs and other files. A file with the append only attribute may only be modified by appending data to the end of the file. The immutable attribute protects a file from being modified, deleted, or renamed. In addition, links may not be created to the file.

Check Content

Perform the following to check for ext3 filesystems: # more /etc/fstab If a local filesystem on a Linux platform is not using ext3, this is a finding. Note: the CD, floppy drives, proc, and, swap entries do not support ext3.

Fix Text

Use the ext3 filesystem type for Linux partitions.

Additional Identifiers

Rule ID: SV-1015r2_rule

Vulnerability ID: V-1015

Group Title: GEN000000-LNX00240

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.