The Red Hat Enterprise Linux operating system must disable the file system automounter unless required.

An XCCDF Rule

Description

<VulnDiscussion>Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-204451r853893_rule
Severity: Medium
References: CCI-000366 CCI-000778 CCI-001958
Updated: 8 months ago

Configure the operating system to disable the ability to automount devices.

Turn off the automount service with the following commands:

# systemctl stop autofs
# systemctl disable autofs
If "autofs" is required for Network File System (NFS), it must be documented with the ISSO.

The Red Hat Enterprise Linux operating system must disable the file system automounter unless required.

Description

Remediation - Manual Procedure