2.10 Disable Removable Volume Manager - smserver

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The HAL-aware removable volume manager in the Solaris 11 OS automatically mounts
external devices for users whenever the device is attached to the system. These devices
include CD-R, CD-RW, floppies, DVD, USB and 1394 mass storage devices. See the
rmvolmgr(1M) manual page for more details.

Rationale:

Allowing users to mount and access data from removable media devices makes it easier for
malicious programs and data to be imported onto the network. It also introduces the risk
that sensitive data may be transferred off the system without a log record. By adding
rmvolmgr to the .xinitrc file, user-isolated instances of rmvolmgr can be run via a session
startup script. In such cases, the rmvolmgr instance will not allow management of volumes
that belong to other than the owner of the startup script. When a user logs onto the
workstation console ( /dev/console), any instance of user-initiated rmvolmgr will only own
locally connected devices, such as CD-ROMs or flash memory hardware, locally connected
to USB or FireWire ports.

Solution

To disable this service, run the following commands:

# svcadm disable svc:/system/filesystem/rmvolmgr

# svcadm disable svc:/network/rpc/smserver

Notes:

rmformat is a rpc.smserverd client. If you need to support this service, but still want to
disable rmvolmgr, then do not disable smserver in the action above.

See Also

https://workbench.cisecurity.org/files/2582