2.8 Disable Removable Volume Manager - rmvolmgr

Information

The HAL-aware removable volume manager in the Solaris 11 OS automatically mounts
external devices for users whenever the device is attached to the system. These devices
include CD-R, CD-RW, floppies, DVD, USB and 1394 mass storage devices. See the
rmvolmgr(1M) manual page for more details.

Allowing users to mount and access data from removable media devices makes it easier for
malicious programs and data to be imported onto the network. It also introduces the risk
that sensitive data may be transferred off the system without a log record. By adding
rmvolmgr to the .xinitrc file, user-isolated instances of rmvolmgr can be run via a
session startup script. In such cases, the rmvolmgr instance will not allow management of
volumes that belong to other than the owner of the startup script. When a user logs onto
the workstation console (/dev/console), any instance of user-initiated rmvolmgr will only
own locally connected devices, such as CD-ROMs or flash memory hardware, locally
connected to USB or FireWire ports.

Solution

To disable this service, run the following commands-# svcadm disable svc-/system/filesystem/rmvolmgr
# svcadm disable svc-/network/rpc/smserver

See Also

https://workbench.cisecurity.org/files/616