The OL 8 file system automounter must be disabled unless required.

STIG ID: OL08-00-040070  |  SRG: SRG-OS-000114-GPOS-00059 | Severity: medium |  CCI: CCI-000778

Vulnerability Discussion

Verify the operating system disables the ability to automount devices.

Determine if automounter service is active with the following command:

$ sudo systemctl status autofs

autofs.service - Automounts filesystems on demand
Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled)
Active: inactive (dead)

If the "autofs" status is set to "active" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Check

Verify the operating system disables the ability to automount devices.

Determine if the automounter service is active with the following command:

$ sudo systemctl status autofs

autofs.service - Automounts filesystems on demand
Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled)
Active: inactive (dead)

If the "autofs" status is set to "active" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Fix

Configure OL 8 to disable the ability to automount devices.

Turn off the automount service with the following commands:

$ sudo systemctl stop autofs
$ sudo systemctl disable autofs

If "autofs" is required for Network File System (NFS), it must be documented with the ISSO.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.