CCE-95498-2Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description
autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives.
Rationale
With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themselves.
Audit
Run the following command and verify result is not enabled:
# systemctl is-enabled autofs
disabled
Remediation
Run the following command to disable autofs:
# systemctl disable autofs
Impact
The use portable hard drives is very common for workstation users. If your organization allows the use of portable storage or media on workstations and physical access controls to workstations is considered adequate there is little value add in turning off automounting.
Notes
This control should align with the tolerance of the use of portable drives and optical media in the organization. On a server requiring an admin to manually mount media can be part of defense-in-depth to reduce the risk of unapproved software or information being introduced or proprietary software or information being exfiltrated. If admins commonly use flash drives and Server access has sufficient physical controls, requiring manual mounting may not increase security.
Parameter:
[yes/no]
Technical Mechanism:
Run the following command to disable autofs:
# systemctl disable autofs
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.8 | Attack Vector: PHYSICAL |
Exploit Score: 0.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72838 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73049 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72944 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71960 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72735 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68649 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72326 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84200 |