OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - automount

Information

Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.

Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227

Solution

Configure the graphical user interface to disable the ability to automount devices.

Note: The example below is using the database 'local' for the system, so the path is '/etc/dconf/db/local.d'. This path must be modified if a database other than 'local' is being used.

Create or edit the /etc/dconf/db/local.d/00-No-Automount file and add the following:

[org/gnome/desktop/media-handling]

automount=false

automount-open=false

autorun-never=true

Create or edit the /etc/dconf/db/local.d/locks/00-No-Automount file and add the following:
/org/gnome/desktop/media-handling/automount

/org/gnome/desktop/media-handling/automount-open

/org/gnome/desktop/media-handling/autorun-never

Run the following command to update the database:

# dconf update

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_7_V2R7_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-6b., 800-53|IA-3, CAT|II, CCI|CCI-000366, CCI|CCI-000778, CCI|CCI-001958, Rule-ID|SV-228567r603260_rule, STIG-ID|OL07-00-020111, Vuln-ID|V-228567

Plugin: Unix

Control ID: d98c14f3d36b2ac9f467097187aa2ff258383433d3ba56eedd81b368216ffe96