CCE-90756-8Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Disable the Automounter
The 'autofs' daemon mounts and unmounts filesystems, such as user
home directories shared via NFS, on demand. In addition, autofs can be used to handle
removable media, and the default configuration provides the cdrom device as '/misc/cd'.
However, this method of providing access to removable media is not common, so autofs
can almost always be disabled if NFS is not in use. Even if NFS is required, it may be
possible to configure filesystem mounts statically by editing '/etc/fstab'
rather than relying on the automounter.
The 'autofs' service can be disabled with the following command:
'$ sudo systemctl disable autofs'
Parameter:
Technical Mechanism:
Disabling the automounter permits the administrator to
statically control filesystem mounting through '/etc/fstab'.
Fix:
#
# Disable autofs.service for all systemd targets
#
systemctl disable autofs.service
#
# Stop autofs.service if currently running
#
systemctl stop autofs.service
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31168 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30445 |