code/linux/audit/autofs-service.yaml

id: autofs-service

info:
  name: Ensure autofs Service is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The autofs package provides the automounting service, which mounts file systems automatically on demand. If not explicitly required, having this service installed increases the system’s attack surface and should be avoided.
  remediation: |
    - Ensure the `autofs` package is not installed unless explicitly required.
    - To disable the service if present, run: sudo systemctl disable --now autofs 2>/dev/null || true
    - To remove the package, run: sudo apt-get purge -y autofs
    - To clean up dependencies, run: sudo apt-get autoremove -y
    - To verify removal, run: dpkg-query -s autofs || echo "autofs not installed"
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu

self-contained: true

code:
  - engine:
      - bash
    args:
      - "-c"
      - |
        if dpkg-query -s autofs &>/dev/null; then
          echo "[autofs-service-check:Policy-Fail] [autofs is installed] [CIS_FAIL]"
        else
          echo "[autofs-service-check:Policy-Pass] [autofs is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a00483046022100beae631943cebc47c019a26e3e75c3564f7fa4fe70eb0de578f3fce62a6d00aa022100aa285d67fd177fa37e5274957926becc643b3aeec8e446f8dab8ccc4c704597b:922c64590222798bb761d5b6d8e72950
-												File name change

											
										
										
											2025-08-19 18:07:27 +05:30
+								id: autofs-service
-												Ubuntu CIS Phase-2
											
										
										
											2025-06-16 09:31:36 -07:00
 								info:
 								  name: Ensure autofs Service is Not Installed
 								  author: Th3l0newolf
-												minor changes

											
										
										
											2025-08-19 16:26:09 +05:30
+								  severity: info
-												Ubuntu CIS Phase-2
											
										
										
											2025-06-16 09:31:36 -07:00
+								  description: |
-												minor changes

											
										
										
											2025-08-19 16:26:09 +05:30
+								    The autofs package provides the automounting service, which mounts file systems automatically on demand. If not explicitly required, having this service installed increases the system’s attack surface and should be avoided.
-												Ubuntu CIS Phase-2
											
										
										
											2025-06-16 09:31:36 -07:00
+								  remediation: |
-												minor changes

											
										
										
											2025-08-19 16:26:09 +05:30
+								    - Ensure the `autofs` package is not installed unless explicitly required.
 								    - To disable the service if present, run: sudo systemctl disable --now autofs 2>/dev/null || true
 								    - To remove the package, run: sudo apt-get purge -y autofs
 								    - To clean up dependencies, run: sudo apt-get autoremove -y
 								    - To verify removal, run: dpkg-query -s autofs || echo "autofs not installed"
-												Ubuntu CIS Phase-2
											
										
										
											2025-06-16 09:31:36 -07:00
+								  reference:
 								    - https://www.cisecurity.org/benchmark/ubuntu_linux
 								  metadata:
 								    verified: true
-												Local tag - update

											
										
										
											2025-08-28 23:41:32 +05:30
+								  tags: cis,local,cisecurity,audit,linux,ubuntu
-												Ubuntu CIS Phase-2
											
										
										
											2025-06-16 09:31:36 -07:00
 								self-contained: true
 								code:
 								  - engine:
 								      - bash
 								    args:
 								      - "-c"
 								      - |
 								        if dpkg-query -s autofs &>/dev/null; then
-												minor changes

											
										
										
											2025-08-19 16:26:09 +05:30
+								          echo "[autofs-service-check:Policy-Fail] [autofs is installed] [CIS_FAIL]"
-												Ubuntu CIS Phase-2
											
										
										
											2025-06-16 09:31:36 -07:00
+								        else
-												minor changes

											
										
										
											2025-08-19 16:26:09 +05:30
+								          echo "[autofs-service-check:Policy-Pass] [autofs is not installed] [CIS_PASS]"
-												Ubuntu CIS Phase-2
											
										
										
											2025-06-16 09:31:36 -07:00
+								        fi
 								    matchers:
 								      - type: word
 								        name: policy-pass
 								        words:
 								          - "Policy-Pass"
 								      - type: word
 								        name: policy-fail
 								        words:
-												chore: sign templates 🤖

											
										
										
											2025-08-21 12:45:03 +00:00
+								          - "Policy-Fail"
-												chore: sign templates 🤖

											
										
										
											2025-08-29 10:06:03 +00:00
+								# digest: 4b0a00483046022100beae631943cebc47c019a26e3e75c3564f7fa4fe70eb0de578f3fce62a6d00aa022100aa285d67fd177fa37e5274957926becc643b3aeec8e446f8dab8ccc4c704597b:922c64590222798bb761d5b6d8e72950