Remove autofs Package

Docs > Datadog Security > OOTB Rules > Remove autofs Package

Description

autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. The autofs package can be removed with the following command:


 $ apt-get remove autofs

Rationale

With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in the filesystem even if they lacked permissions to mount it themselves.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

# CAUTION: This remediation script will remove autofs
# from the system, and may remove any packages
# that depend on autofs. Execute this
# remediation AFTER testing on a non-production
# system!


DEBIAN_FRONTEND=noninteractive apt-get remove -y "autofs"

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: 'Remove autofs Package: Ensure autofs is removed'
  ansible.builtin.package:
    name: autofs
    state: absent
  tags:
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_autofs_removed