The TOSS file system automounter must be disabled unless required.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-252916r958498_rule
Severity: Medium
References: CCI-000778
Updated: 17 days ago

Configure the operating system to disable the ability to automount devices.

Turn off the automount service with the following commands:

$ sudo systemctl stop autofs
$ sudo systemctl disable autofs
If "autofs" is required for Network File System (NFS), it must be documented with the ISSO.

The TOSS file system automounter must be disabled unless required.

Description

Remediation - Manual Procedure