a676e37a84
* Docs are now ordered by STIG ID number to make them easier to browse. * Deployer notes are better organized. * Script + CSV added for automated documentation generation. Implements: blueprint security-hardening Change-Id: Ib87bec701eddf1601574f4e027f301c775e5e1cd
23 lines
1.1 KiB
ReStructuredText
23 lines
1.1 KiB
ReStructuredText
V-38437: Automated file system mounting tools must not be enabled unless needed.
|
|
--------------------------------------------------------------------------------
|
|
|
|
All filesystems that are required for the successful operation of the system
|
|
should be explicitly listed in "/etc/fstab" by an administrator. New
|
|
filesystems should not be arbitrarily introduced via the automounter. The
|
|
"autofs" daemon mounts and unmounts filesystems, such as user home directories
|
|
shared via NFS, on demand. In addition, autofs can be used to handle removable
|
|
media, and the default configuration provides the cdrom device as "/misc/cd".
|
|
However, this method of providing access to removable media is not common, so
|
|
autofs can almost always be disabled if NFS is not in use. Even if NFS is
|
|
required, it is almost always possible to configure filesystem mounts
|
|
statically by editing "/etc/fstab" rather than relying on the automounter.
|
|
|
|
Details: `V-38437 in STIG Viewer`_.
|
|
|
|
.. _V-38437 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38437
|
|
|
|
Notes for deployers
|
|
~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. include:: developer-notes/V-38437.rst
|