Check: RHEL-09-231040
RHEL 9 STIG:
RHEL-09-231040
(in versions v1 r3 through v1 r1)
Title
RHEL 9 file system automount function must be disabled unless required. (Cat II impact)
Discussion
An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.

Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227
Check Content
Verify that RHEL 9 file system automount function has been disabled with the following command:

$ sudo systemctl is-enabled autofs

masked

If the returned value is not "masked", "disabled", "Failed to get unit file state for autofs.service for autofs", or "enabled", and is not documented as an operational requirement with the information system security officer (ISSO), this is a finding.
Fix Text
Configure RHEL 9 to disable the ability to automount devices. The autofs service can be disabled with the following command:

$ sudo systemctl mask --now autofs.service
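The check above can be scripted so that the same decision is applied on every host. The following is an added example, not part of the STIG: the function names are hypothetical, the sample outputs are constructed, and it assumes that "masked", "disabled" and a missing unit file pass outright while any other state, including "enabled", passes only with an operational requirement documented with the ISSO.

```shell
#!/bin/sh
# Added example (not STIG content): classify `systemctl is-enabled autofs`
# for RHEL-09-231040. Function names are hypothetical.

# classify_autofs STATE [DOCUMENTED]
#   STATE       first line returned by `systemctl is-enabled autofs`
#   DOCUMENTED  "yes" when an operational requirement is on file with the ISSO
# Prints PASS, PASS_DOCUMENTED or FINDING; returns 1 only for FINDING.
classify_autofs() {
    state=$1
    documented=${2:-no}
    case $state in
        masked|disabled)
            echo PASS ;;
        "Failed to get unit file state for autofs.service"*)
            # No unit file: autofs is not installed on this host.
            echo PASS ;;
        *)
            # Assumption: enabled, static, indirect, etc. need an ISSO record.
            if [ "$documented" = yes ]; then
                echo PASS_DOCUMENTED
            else
                echo FINDING
                return 1
            fi ;;
    esac
}

# audit_autofs [DOCUMENTED]: query the live system and classify the answer.
audit_autofs() {
    # A missing unit is reported on stderr, so capture both streams.
    state=$(systemctl is-enabled autofs 2>&1 | head -n 1)
    printf 'autofs: %s -> ' "$state"
    classify_autofs "$state" "${1:-no}"
}

# selftest: run the classifier over constructed sample outputs (offline).
selftest() {
    for s in masked disabled enabled static \
             "Failed to get unit file state for autofs.service for autofs"; do
        printf '%-10.10s %s\n' "$s" "$(classify_autofs "$s")"
    done
}

# Run as: script.sh --audit [yes]   (yes = exception documented with the ISSO)
if [ "${1:-}" = "--audit" ]; then audit_autofs "${2:-no}"; fi
```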
Additional Identifiers
Rule ID: SV-257849r925534_rule
Vulnerability ID: V-257849
Group Title: SRG-OS-000114-GPOS-00059
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-000778 | The information system uniquely identifies an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection. |
CCI-001958 | The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection. |