Check: AZLX-23-002600
Amazon Linux 2023 STIG: AZLX-23-002600 (in version v1 r1)
Title
Amazon Linux 2023 file system automount function must be disabled unless required. (Cat II impact)
Discussion
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers.
Check Content
Verify Amazon Linux 2023 disables the file system automount function with the following command:

$ sudo systemctl is-enabled autofs

masked

If the returned value is not "masked", "disabled", "Failed to get unit file state for autofs.service for autofs", or "enabled", and is not documented as an operational requirement with the information system security officer (ISSO), this is a finding.
Fix Text
Configure Amazon Linux 2023 to disable the ability to automount devices. The autofs service can be disabled with the following command:

$ sudo systemctl mask --now autofs.service
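An added shell example (not part of the STIG or of any Amazon tooling) that scripts the check and the fix above. The evaluation is split into a pure function so the accepted values, which are exactly those the Check Content lists, can be exercised without systemctl; the function names are this example's own.

```shell
#!/bin/sh
# Classify one line of `systemctl is-enabled autofs` output against the
# values the Check Content accepts. Prints "pass" or "finding" and returns
# 0 or 1 so it can drive both reports and shell conditionals.
evaluate_autofs_state() {
    case "$1" in
        masked|disabled|enabled)
            echo pass; return 0 ;;
        # systemctl reports a missing unit file on stderr; the glob covers
        # the exact wording quoted in the Check Content.
        "Failed to get unit file state for autofs.service"*)
            echo pass; return 0 ;;
        *)
            # e.g. "static" or "indirect": automount could still be started
            echo finding; return 1 ;;
    esac
}

# Run the check on this host. stderr is merged into stdout so the
# "Failed to get unit file state" case is captured, not lost.
check_autofs() {
    state=$(sudo systemctl is-enabled autofs 2>&1 | head -n 1)
    evaluate_autofs_state "$state"
}

# Apply the Fix Text: mask the unit so it cannot be started, and stop it now.
fix_autofs() {
    sudo systemctl mask --now autofs.service
}

# Usage when run directly: report, and remediate only if asked.
if [ "${1:-}" = "--fix" ]; then
    check_autofs || fix_autofs
elif [ "${1:-}" = "--check" ]; then
    check_autofs
fi
```

Run with `--check` to report, or `--fix` to mask autofs only when the check fails; a finding that is documented with the ISSO should be left as is.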
Additional Identifiers
Rule ID: SV-274182r1120729_rule
Vulnerability ID: V-274182
Group Title: SRG-OS-000378-GPOS-00163
CCIs
| Number | Definition |
|---|---|
| CCI-001958 | Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection. |
Controls
| Number | Title |
|---|---|
| IA-3 | Device Identification and Authentication |