RHEL 10 must disable the graphical user interface autorunner unless required.

STIG ID: RHEL-10-700890  |  SRG: SRG-OS-000114-GPOS-00059 |  Severity: low (CAT III)  |  CCI: CCI-000778,CCI-001958 |  Vulnerability Id: V-281292

Vulnerability Discussion

Automatically running applications when media is inserted allows for the easy introduction of unknown data, thereby facilitating malicious activity.

Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163

Check

Note: This requirement assumes the use of the RHEL 10 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is not applicable.

Verify RHEL 10 disables the graphical user interface autorun function.

Disable the setting with the following command:

$ gsettings get org.gnome.desktop.media-handling autorun-never
true

If "autorun-never" is set to "false" and is not documented with the information system security officer as an operational requirement, this is a finding.

Fix

Configure RHEL 10 GNOME to disable autorunning of removable media.

Note: The example below is using the database "local" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.

Update the "/etc/dconf/db/local.d/00-security-settings" database to disable the GUI autorun function:

$ sudo vi /etc/dconf/db/local.d/00-security-settings

[org/gnome/desktop/media-handling]
autorun-never=true

Update the dconf system databases:

$ sudo dconf update
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.