From 407e485efa6f29f2bd4b63323c21435a222a2454 Mon Sep 17 00:00:00 2001
From: Eric Berry
Date: Tue, 10 Dec 2024 16:10:25 -0800
Subject: [PATCH] Ubuntu 24.04 2.1.1 Ensure autofs services are not in use
---
 components/autofs.yml | 1 +
 controls/cis_ubuntu2404.yml | 8 +++----
 .../mounting/package_autofs_removed/rule.yml | 22 +++++++++++++++++++
 3 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 linux_os/guide/system/permissions/mounting/package_autofs_removed/rule.yml
diff --git a/components/autofs.yml b/components/autofs.yml
index 927a2be54d5..c64e85dab3e 100644
--- a/components/autofs.yml
+++ b/components/autofs.yml
@@ -3,3 +3,4 @@ packages:
 - autofs
 rules:
 - service_autofs_disabled
+- package_autofs_removed
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index 74a2cee01e6..0b597175fd0 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -662,11 +662,11 @@ controls:
 levels:
 - l1_server
 - l2_workstation
- related_rules:
+ rules:
 - service_autofs_disabled
- status: planned
- notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/1.1.9.
-
+ - package_autofs_removed
+ status: automated
+
 - id: 2.1.2
 title: Ensure avahi daemon services are not in use (Automated)
 levels:
diff --git a/linux_os/guide/system/permissions/mounting/package_autofs_removed/rule.yml b/linux_os/guide/system/permissions/mounting/package_autofs_removed/rule.yml
new file mode 100644
index 00000000000..f71fe25e3d7
--- /dev/null
+++ b/linux_os/guide/system/permissions/mounting/package_autofs_removed/rule.yml
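Review bot: In the `controls/cis_ubuntu2404.yml` hunk, selecting both `service_autofs_disabled` and `package_autofs_removed` under `rules:` makes package removal mandatory for control 2.1.1, although the control's title only asks that autofs services are "not in use". A host that keeps autofs installed for a dependency but has the service disabled would then be reported as failing; as I read the benchmark that state is compliant, but this should be confirmed against the CIS audit text. If the either/or reading holds, keep `service_autofs_disabled` under `rules:` and list `package_autofs_removed` under `related_rules:`. Otherwise, add a `notes:` line stating that the profile is deliberately stricter than the benchmark. The control entry starts above the hunk.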
@@ -0,0 +1,22 @@
+documentation_complete: true
+
+title: 'Remove autofs Package'
+
+description: |-
+ autofs allows automatic mounting of devices, typically including CD/DVDs and USB
+ drives.
+ {{{ describe_package_remove(package="autofs") }}}
+
+rationale: |-
+ With automounting enabled anyone with physical access could attach a USB drive or
+ disc and have its contents available in the filesystem even if they lacked permissions to
+ mount it themselves.
+
+severity: low
+
+ocil: '{{{ describe_package_remove(package="autofs") }}}'
+
+template:
+ name: package_removed
+ vars:
+ pkgname: autofs
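Review bot: The `ocil` field reuses `describe_package_remove`, so the manual-audit text tells an assessor how to remove autofs rather than how to verify that it is absent, and the rule has no `ocil_clause` naming the failing condition. Package-removal rules in this project normally get both from `{{{ complete_ocil_entry_package(package="autofs") }}}`; I would replace the `ocil:` line with that macro. Separately, autofs is also used for on-demand network mounts such as NFS home directories. A short `warnings:` entry saying that removal can break those mounts, and may pull out dependent packages, would help operators before the `package_removed` remediation runs.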