RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.

An XCCDF Rule

Details
Profiles

Description

Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227

ID: SV-258017r1045088_rule
Version: RHEL-09-271035
Severity: Medium
References: CCI-000778 CCI-001958
Updated: about 2 months ago

Remediation Templates

Configure the GNOME desktop to not allow a user to change the setting that disables autorun on removable media.

Add the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock" to prevent user modification:

/org/gnome/desktop/media-handling/autorun-never
Then update the dconf system databases:

$ sudo dconf update

RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.

Description

Remediation Templates

A Manual Procedure