The TOSS file system automounter must be disabled unless required.

An XCCDF Rule

Description

Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.

ID: SV-252916r958498_rule
Version: TOSS-04-010050
Severity: Medium
References: CCI-000778
Updated: 5 days ago

Remediation Templates

Configure the operating system to disable the ability to automount devices.

Turn off the automount service with the following commands:

$ sudo systemctl stop autofs
$ sudo systemctl disable autofs
If "autofs" is required for Network File System (NFS), it must be documented with the ISSO.