STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Automated file system mounting tools must not be enabled unless needed.

DISA Rule

SV-209069r603263_rule

Vulnerability Number

V-209069

Group Title

SRG-OS-000480

Rule Version

OL6-00-000526

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If the "autofs" service is not needed to dynamically mount NFS filesystems or removable media, disable the service for all runlevels:

# chkconfig --level 0123456 autofs off

Stop the service if it is already running:

# service autofs stop

Check Contents

To verify the "autofs" service is disabled, run the following command:

chkconfig --list autofs

If properly configured, the output should be the following:

autofs 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Verify the "autofs" service is not running:

# service autofs status

If the autofs service is enabled or running, this is a finding.

Vulnerability Number

V-209069

Documentable

False

Rule Version

OL6-00-000526

Severity Override Guidance

To verify the "autofs" service is disabled, run the following command:

chkconfig --list autofs

If properly configured, the output should be the following:

autofs 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Verify the "autofs" service is not running:

# service autofs status

If the autofs service is enabled or running, this is a finding.

Check Content Reference

M

Target Key

2928

Comments