RHEL 10 must disable the graphical user interface automounter unless required.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-281291 | RHEL-10-700880 | SV-281291r1166825_rule | CCI-000778 | medium |
| Description | ||||
| Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163 | ||||
| STIG | Date | |||
| Red Hat Enterprise Linux 10 Security Technical Implementation Guide | 2026-03-11 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-3
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.5.1
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.2
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000778
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-281291r1166825_chk)
Note: This requirement assumes the use of the RHEL 10 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is not applicable.
Verify RHEL 10 disables the graphical user interface automount function.
Disable the setting with the following command:
$ gsettings get org.gnome.desktop.media-handling automount-open
false
If "automount-open" is set to "true" and is not documented with the information system security officer as an operational requirement, this is a finding.
Fix Text (F-85757r1166824_fix)
Configure RHEL 10 GNOME to disable automated mount of removable media.
Note: The example below is using the database "local" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.
Update the "/etc/dconf/db/local.d/00-security-settings" database file with the following lines:
$ sudo vi /etc/dconf/db/local.d/00-security-settings
[org/gnome/desktop/media-handling]
automount-open=false
Update the dconf system databases:
$ sudo dconf update