OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - autorun-never

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.

Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227

Solution

Configure the graphical user interface to disable the ability to automount devices.

Note: The example below is using the database 'local' for the system, so the path is '/etc/dconf/db/local.d'. This path must be modified if a database other than 'local' is being used.

Create or edit the /etc/dconf/db/local.d/00-No-Automount file and add the following:

[org/gnome/desktop/media-handling]

automount=false

automount-open=false

autorun-never=true

Create or edit the /etc/dconf/db/local.d/locks/00-No-Automount file and add the following:
/org/gnome/desktop/media-handling/automount

/org/gnome/desktop/media-handling/automount-open

/org/gnome/desktop/media-handling/autorun-never

Run the following command to update the database:

# dconf update

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_7_V2R7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, CCI|CCI-000778, CCI|CCI-001958, Rule-ID|SV-228567r603260_rule, STIG-ID|OL07-00-020111, Vuln-ID|V-228567

Plugin: Unix

Control ID: 9fb30052cb4c376402e132a34aaf96f5bd95c38cb751da6a7ddb0a34b6b787cb