2.12 Audit Automatic Actions for Optical Media

Information

Managing automatic actions, while useful in very few situations, is unlikely to increase security on the computer and does complicate the user experience and add additional complexity to the configuration. These settings are user controlled and can be changed without Administrator privileges unless controlled through MCX settings or Parental Controls. Unlike Windows, the Auto-run the optical media is accessed through Operating System applications. Those same applications can open and access the media directly. If optical media is not allowed in the environment the optical media drive should be disabled in hardware and software.

Rationale:

Setting automatic actions for optical media can mitigate malicious code from running automatically when optical media is inserted.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Perform the following to set the optical media action setting:
Graphical Method:

Open System Preferences

Select CDs & DVDs

Set each option to meet your organization's requirements

Terminal Method:
Run the following command to set the optical media action:

$ sudo -u <username> defaults write /Users/<username>/Library/Preferences/com.apple.digihub <what type of media> -dict action <preferred action>

example:

$ sudo -u seconduser defaults write /Users/seconduser/Library/Preferences/com.apple.digihub com.apple.digihub.blank.dvd.appeared -dict action 1

The five media types are com.apple.digihub.blank.cd.appeared(blank cd), com.apple.digihub.blank.dvd.appeared (blank dvd), com.apple.digihub.cd.music.appeared (music cd), com.apple.digihub.cd.picture.appeared (picture cd), and com.apple.digihub.dvd.video.appeared (DVD movie).

See Also

https://workbench.cisecurity.org/files/3569

Item Details

Category: CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|MP-7, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1, CSCv7|9.2

Plugin: Unix

Control ID: d67f0e960da1b5683daaff827a695276586dc9c60b0d90c84119733000dd51e5