Check: RHEL-09-271020
RHEL 9 STIG:
RHEL-09-271020
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must disable the graphical user interface automount function unless required. (Cat II impact)
Discussion
Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227
Check Content
Verify RHEL 9 disables the graphical user interface automount function with the following command: Note: This requirement assumes the use of the RHEL 9 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable. $ gsettings get org.gnome.desktop.media-handling automount-open false If "automount-open" is set to "true", and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
Fix Text
Configure the GNOME desktop to disable automated mounting of removable media. The dconf settings can be edited in the /etc/dconf/db/* location. Update the [org/gnome/desktop/media-handling] section of the "/etc/dconf/db/local.d/00-security-settings" database file and add or update the following lines: [org/gnome/desktop/media-handling] automount-open=false Then update the dconf system databases: $ sudo dconf update
Additional Identifiers
Rule ID: SV-258014r926029_rule
Vulnerability ID: V-258014
Group Title: SRG-OS-000114-GPOS-00059
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-000778 |
The information system uniquely identifies an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection. |
| CCI-001958 |
The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection. |