The OL 8 file system automounter must be disabled unless required.

An XCCDF Rule

Description

<VulnDiscussion>Verify the operating system disables the ability to automount devices. Determine if automounter service is active with the following command: $ sudo systemctl status autofs autofs.service - Automounts filesystems on demand Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled) Active: inactive (dead) If the "autofs" status is set to "active" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-248836r780074_rule
Severity: Medium
References: CCI-000778
Updated: 8 months ago

Configure OL 8 to disable the ability to automount devices. 
 
Turn off the automount service with the following commands: 
 
$ sudo systemctl stop autofs 
$ sudo systemctl disable autofs  
If "autofs" is required for Network File System (NFS), it must be documented with the ISSO.

The OL 8 file system automounter must be disabled unless required.

Description

Remediation - Manual Procedure