I am hardening CentOS/RHEL 7.6. The hardening documents recommend disabling the automounter, "unless it is necessary."
Why is autofs such a problem?
One of the benefits of networking is a shared file system. What other alternatives are there?

Update
Here is the link to the [sic] very informative documentation.
RHEL OS must disable the file system automounter unless required.
Here is the text from the DISA STIG URL:

The autofs daemon mounts and unmounts filesystems, such as user home directories shared via NFS, on demand. In addition, autofs can be used to handle removable media, and the default configuration provides the cdrom device as /misc/cd. However, this method of providing access to removable media is not common, so autofs can almost always be disabled if NFS is not in use. Even if NFS is required, it may be possible to configure filesystem mounts statically by editing /etc/fstab rather than relying on the automounter.

The autofs service can be disabled with the following command:
$ sudo systemctl disable autofs.service

To find it, go here and search for autofs

Scottie H
  • Could you please provide a link to these documents? They might contain a reasoning for it. –  May 22 '19 at 09:02
  • There are many levels of system hardening. Some hardening applications are so restricted that the systems are stripped of all sorts of scripting capabilities and only run the designated application services. Disabling the automounter is a way to prevent people who gain access to your system from copying tools and scripts from other places. – mootmoot May 22 '19 at 09:06
  • Are you aware of the "autorun" problems in Windows? – schroeder May 22 '19 at 09:07
  • @schroeder but OP is using Linux. – mootmoot May 22 '19 at 09:08
  • Since hardening documents pretty universally recommend disabling all services that are not necessary, what context makes you think that there is a more specific reason to disable autofs in particular? – HBruijn May 22 '19 at 11:03
  • @HBruijn Autofs is not a network service, so the reason for disabling it is different. – forest May 27 '19 at 01:39
  • autofs is showing up as a finding in my Nessus scans. That gives me 2 options: 1) turn it off and use something else, 2) Write up a justification as to why I am continuing to use it. Our preference is option #1 -- if possible. – Scottie H May 28 '19 at 15:58

1 Answer

Many filesystem drivers are insecure.

There's nothing wrong with automounting in theory, given that dangerous filesystem options are disabled for automounted filesystems, but the reality is that mounting arbitrary filesystems can make it possible to exploit vulnerabilities. Many filesystem drivers are very complex and designed for speed, not for security. Precious little effort goes into securing filesystem drivers from maliciously-designed filesystem images because they are not usually coming from untrusted sources. Disabling the autofs service prevents an attacker from feeding a malicious filesystem to a vulnerable driver. The upshot of disabling autofs is that less kernel code is being exposed to an attacker.


If you just want to bind one directory to another, you can use a bind mount, which is implemented on top of VFS, not a novel filesystem. The directory /foo/bar can be bound to /baz/qux like so:

mount --bind /foo/bar /baz/qux

If you additionally want to recursively mount any mount points within the source directory, you can use the --rbind flag. The two flags are identical unless there is a mount point within /foo/bar. You can do this automatically by editing /etc/fstab. Add a line to it so this happens at boot:

/foo/bar /baz/qux none bind
forest
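
An added example, not part of the answer above or of the quoted STIG text: when NFS shares move from autofs maps to static /etc/fstab entries, this shell function audits an fstab-format file and reports NFS entries that lack restrictive mount options. The choice of nosuid and nodev as the required options, the names audit_fstab and sample_fstab, and the sample hosts and paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit NFS entries in an fstab-format file.
# Assumption: nosuid and nodev are the options every NFS mount must carry.

# audit_fstab [FILE]
# Reads FILE (or stdin) and prints "MOUNTPOINT missing:opt[,opt]" for each
# nfs/nfs4 entry lacking a required option. Returns 1 if anything was
# reported, 0 otherwise. Non-NFS entries (such as bind mounts) are skipped.
audit_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $3 != "nfs" && $3 != "nfs4" { next }    # only NFS entries are audited
        {
            has_nosuid = 0; has_nodev = 0
            n = split($4, opt, ",")             # field 4 holds the mount options
            for (i = 1; i <= n; i++) {
                if (opt[i] == "nosuid") has_nosuid = 1
                if (opt[i] == "nodev")  has_nodev = 1
            }
            missing = ""
            if (!has_nosuid) missing = "nosuid"
            if (!has_nodev)  missing = missing (missing == "" ? "" : ",") "nodev"
            if (missing != "") { print $2 " missing:" missing; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample input: hosts and paths are made up for this example.
sample_fstab() {
    cat <<'EOF'
# constructed sample entries
/foo/bar /baz/qux none bind
fs.example.test:/export/home /home nfs rw,nosuid 0 0
fs.example.test:/export/share /srv/share nfs4 defaults 0 0
fs.example.test:/export/tools /opt/tools nfs ro,nosuid,nodev,noexec 0 0
EOF
}

# Stand-alone run over the constructed sample.
sample_fstab | audit_fstab || echo "NFS entries above need tightening"
```

To check a live system, run `audit_fstab /etc/fstab`.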