2.1.1 Ensure autofs services are not in use

Information

autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives.

With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in the filesystem even if they lacked permissions to mount it themselves.

Solution

Run the following commands to stop autofs.service and remove the autofs package:

# systemctl stop autofs.service
# apt purge autofs

- OR -

- IF - the autofs package is required as a dependency:

Run the following commands to stop and mask autofs.service :

# systemctl stop autofs.service
# systemctl mask autofs.service

Impact:

The use of portable hard drives is very common for workstation users. If your organization allows the use of portable storage or media on workstations and physical access controls to workstations is considered adequate there is little value add in turning off automounting.

There may be packages that are dependent on the autofs package. If the autofs package is removed, these dependent packages will be removed as well. Before removing the autofs package, review any dependent packages to determine if they are required on the system.

- IF - a dependent package is required: stop and mask the autofs.service leaving the autofs package installed.

See Also

https://workbench.cisecurity.org/benchmarks/17045

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-7, CSCv7|8.5

Plugin: Unix

Control ID: c295c339d786a5668d3438ae8dfc2b1b029e165b82a2cced5ea845593f01123a