{"description": "Linux includes a number of facilities for the automated addition\nand removal of filesystems on a running system.  These facilities may be\nnecessary in many environments, but this capability also carries some risk -- whether direct\nrisk from allowing users to introduce arbitrary filesystems,\nor risk that software flaws in the automated mount facility itself could\nallow an attacker to compromise the system.\n<br /><br />\nThis command can be used to list the types of filesystems that are\navailable to the currently executing kernel:\n<pre>$ find /lib/modules/`uname -r`/kernel/fs -type f -name '*.ko'</pre>\nIf these filesystems are not required then they can be explicitly disabled\nin a configuratio file in  <tt>/etc/modprobe.d</tt>.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["bios_assign_password", "bios_disable_usb_boot", "coreos_nousb_kernel_argument", "grub2_nousb_argument", "kernel_module_cramfs_disabled", "kernel_module_freevxfs_disabled", "kernel_module_hfs_disabled", "kernel_module_hfsplus_disabled", "kernel_module_jffs2_disabled", "kernel_module_overlayfs_disabled", "kernel_module_squashfs_disabled", "kernel_module_udf_disabled", "kernel_module_usb-storage_disabled", "kernel_module_vfat_disabled", "package_autofs_removed", "service_autofs_disabled"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Restrict Dynamic Mounting and Unmounting of\nFilesystems", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/mounting/group.yml"}