2025-08-19 18:07:27 +05:30
id : autofs-service
2025-06-16 09:31:36 -07:00
info :
name : Ensure autofs Service is Not Installed
author : Th3l0newolf
2025-08-19 16:26:09 +05:30
severity : info
2025-06-16 09:31:36 -07:00
description : |
2025-08-19 16:26:09 +05:30
The autofs package provides the automounting service, which mounts file systems automatically on demand. If not explicitly required, having this service installed increases the system’ s attack surface and should be avoided.
2025-06-16 09:31:36 -07:00
remediation : |
2025-08-19 16:26:09 +05:30
- Ensure the `autofs` package is not installed unless explicitly required.
- To disable the service if present, run : sudo systemctl disable --now autofs 2>/dev/null || true
- To remove the package, run : sudo apt-get purge -y autofs
- To clean up dependencies, run : sudo apt-get autoremove -y
- To verify removal, run : dpkg-query -s autofs || echo "autofs not installed"
2025-06-16 09:31:36 -07:00
reference :
- https://www.cisecurity.org/benchmark/ubuntu_linux
metadata :
verified : true
2025-08-28 23:41:32 +05:30
tags : cis,local,cisecurity,audit,linux,ubuntu
2025-06-16 09:31:36 -07:00
self-contained : true
code :
- engine :
- bash
args :
- "-c"
- |
if dpkg-query -s autofs &>/dev/null; then
2025-08-19 16:26:09 +05:30
echo "[autofs-service-check:Policy-Fail] [autofs is installed] [CIS_FAIL]"
2025-06-16 09:31:36 -07:00
else
2025-08-19 16:26:09 +05:30
echo "[autofs-service-check:Policy-Pass] [autofs is not installed] [CIS_PASS]"
2025-06-16 09:31:36 -07:00
fi
matchers :
- type : word
name : policy-pass
words :
- "Policy-Pass"
- type : word
name : policy-fail
words :
2025-08-21 12:45:03 +00:00
- "Policy-Fail"
2025-08-29 10:06:03 +00:00
# digest: 4b0a00483046022100beae631943cebc47c019a26e3e75c3564f7fa4fe70eb0de578f3fce62a6d00aa022100aa285d67fd177fa37e5274957926becc643b3aeec8e446f8dab8ccc4c704597b:922c64590222798bb761d5b6d8e72950