Detections
Analytics
RHEL-10-700710 - RHEL 10 must prevent a user from overriding the disabling of the graphical user interface autorun function.
Information
Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., Transport Layer Security [TLS], WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163
Solution
Configure RHEL 10 so that the GNOME desktop does not allow a user to change the setting that disables autorun on removable media.Note: The example below is using the database "local" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.
Update the "/etc/dconf/db/local.d/locks/00-security-settings-lock" file to prevent user modification:
$ sudo vi /etc/dconf/db/local.d/locks/00-security-settings-lock
/org/gnome/desktop/media-handling/autorun-never
Update the dconf system databases:
$ sudo dconf update
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-3, CAT|II, CCI|CCI-000778, CCI|CCI-001958, Rule-ID|SV-281274r1197245_rule, STIG-ID|RHEL-10-700710, Vuln-ID|V-281274
Plugin: Unix
Control ID: 0225216c5519235c57f0f1b6a4187004c9fd35c0dddf3290bb0fa720289fb647