id: autofs-service

info:
  name: Ensure autofs Service is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The autofs package provides the automounting service, which mounts file systems automatically on demand. If not explicitly required, having this service installed increases the system’s attack surface and should be avoided.
  remediation: |
    - Ensure the `autofs` package is not installed unless explicitly required.
    - To disable the service if present, run: sudo systemctl disable --now autofs 2>/dev/null || true
    - To remove the package, run: sudo apt-get purge -y autofs
    - To clean up dependencies, run: sudo apt-get autoremove -y
    - To verify removal, run: dpkg-query -s autofs || echo "autofs not installed"
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu

self-contained: true

code:
  - engine:
      - bash
    args:
      - "-c"
      - |
        if dpkg-query -s autofs &>/dev/null; then
          echo "[autofs-service-check:Policy-Fail] [autofs is installed] [CIS_FAIL]"
        else
          echo "[autofs-service-check:Policy-Pass] [autofs is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a00483046022100beae631943cebc47c019a26e3e75c3564f7fa4fe70eb0de578f3fce62a6d00aa022100aa285d67fd177fa37e5274957926becc643b3aeec8e446f8dab8ccc4c704597b:922c64590222798bb761d5b6d8e72950