Puppet Class: cis_security_hardening::rules::disable_automount

Defined in:
manifests/rules/disable_automount.pp

Summary

Disable Automounting

Overview

autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives.

Rationale: With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themselves.

Examples:

class { 'cis_security_hardening::rules::disable_automount':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



19
20
21
22
23
24
25
26
27
28
 
# File 'manifests/rules/disable_automount.pp', line 19

class cis_security_hardening::rules::disable_automount (
  Boolean $enforce = false,
) {
  if $enforce {
    ensure_resource('service', 'autofs', {
        ensure => stopped,
        enable => false,
    })
  }
}