Rule ID
SV-281273r1184699_rule
Version
V1R1
Without identifying and authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163
Note: This requirement assumes the use of the RHEL 10 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is not applicable. Verify RHEL 10 disables the ability of the user to override the graphical user interface automount setting. Determine which profile the system database is using with the following command: $ sudo grep system-db /etc/dconf/profile/user system-db:local Check that the automount setting is locked from nonprivileged user modification with the following command: Note: The example below is using the database "local" for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than "local" is being used. $ sudo grep 'automount-open' /etc/dconf/db/local.d/locks/* /org/gnome/desktop/media-handling/automount-open If the command does not return at least the example result, this is a finding.
Configure RHEL 10 so that the GNOME desktop does not allow a user to change the setting that disables automated mounting of removable media. Note: The example below is using the database "local" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory. Update the "/etc/dconf/db/local.d/locks/00-security-settings-lock" file to prevent user modification: $ sudo vi /etc/dconf/db/local.d/locks/00-security-settings-lock /org/gnome/desktop/media-handling/automount-open Update the dconf system databases: $ sudo dconf update