Check: SLEM-05-231050
SUSE Linux Enterprise Micro (SLEM) 5 STIG:
SLEM-05-231050
(in version v1 r1)
Title
SLEM 5 must disable the file system automounter unless required. (Cat II impact)
Discussion
Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.
Check Content
Verify SLEM 5 disables the ability to automount devices. Verify the automounter service is installed with the following command: > sudo zypper se autofs If it is installed, verify the automounter service is active with the following command: > systemctl status autofs autofs.service - Automounts filesystems on demand Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled) Active: inactive (dead) If the "autofs" status is set to "active" and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
Fix Text
Configure SLEM 5 to disable the ability to automount devices. Turn off the automount service with the following command: > sudo systemctl stop autofs > sudo systemctl disable autofs If "autofs" is required for Network File System (NFS), it must be documented with the ISSO.
Additional Identifiers
Rule ID: SV-261286r996338_rule
Vulnerability ID: V-261286
Group Title: SRG-OS-000114-GPOS-00059
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000778 |
Uniquely identify organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection. |
Controls
| Number | Title |
|---|---|
| IA-3 |
Device Identification and Authentication |