Detections
Analytics
RHEL-10-700700 - RHEL 10 must prevent a user from overriding the disabling of the graphical user interface automount function.
Information
Without identifying and authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers.
Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163
Solution
Configure RHEL 10 so that the GNOME desktop does not allow a user to change the setting that disables automated mounting of removable media.Note: The example below is using the database "local" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.
Update the "/etc/dconf/db/local.d/locks/00-security-settings-lock" file to prevent user modification:
$ sudo vi /etc/dconf/db/local.d/locks/00-security-settings-lock
/org/gnome/desktop/media-handling/automount-open
Update the dconf system databases:
$ sudo dconf update
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-3, CAT|II, CCI|CCI-000778, CCI|CCI-001958, Rule-ID|SV-281273r1184699_rule, STIG-ID|RHEL-10-700700, Vuln-ID|V-281273
Plugin: Unix
Control ID: 5ccdfc128fe57051a4e2a99c61ade7a06c44124caa8112e31f4be744172e7682