The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required.

An XCCDF Rule

Description

Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227

ID: SV-219059r854002_rule
Version: RHEL-07-020111
Severity: Medium
References: CCI-000366 CCI-000778 CCI-001958
Updated: 15 days ago

Remediation Templates

Configure the graphical user interface to disable the ability to automount devices.

Note: The example below is using the database "local" for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than "local" is being used.

Create or edit the /etc/dconf/db/local.d/00-No-Automount file and add the following:  
[org/gnome/desktop/media-handling]

automount=false

automount-open=false

autorun-never=true

Create or edit the /etc/dconf/db/local.d/locks/00-No-Automount file and add the following:
/org/gnome/desktop/media-handling/automount

/org/gnome/desktop/media-handling/automount-open

/org/gnome/desktop/media-handling/autorun-never

Run the following command to update the database:

# dconf update

The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required.

Description

Remediation Templates

A Manual Procedure