Details

autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives.

Rationale:

With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themselves.

Impact:

The use of portable hard drives is very common for workstation users. If your organization allows the use of portable storage or media on workstations and physical access controls to workstations is considered adequate there is little value add in turning off automounting.

Solution

Run the following command to mask autofs:

# systemctl –now mask autofs

OR run the following command to remove autofs

# yum remove autofs

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3636

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• 800-53|IA-3
• CCI|CCI-000366
• CCI|CCI-000778
• CCI|CCI-001958
• CSCv6|9.1
• CSCv7|8.4
• CSCv7|8.5
• Rule-ID|SV-204451r603261_rule
• STIG-ID|RHEL-07-020110

Source

• Tenable.com/audits