AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface automount function.

An XCCDF Rule

Details
Profiles

Description

Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000378-GPOS-00163, SRG-OS-000114-GPOS-00059

ID: SV-269378r1050261_rule
Version: ALMA-09-035000
Severity: Medium
References: CCI-000778 CCI-001958
Updated: about 2 months ago

Remediation Templates

Configure the GNOME desktop to not allow a user to change the setting that disables automated mounting of removable media.

Add the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock" to prevent user modification:

/org/gnome/desktop/media-handling/automount-open
Then update the dconf system databases:

$ dconf update

AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface automount function.

Description

Remediation Templates

A Manual Procedure