UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The FireWire protocol driver must be removed or disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-53857 OSX8-00-00845 SV-68075r1_rule Medium
Description
Malicious code is known to propagate via removable media such as floppy disks, USB or flash drives, and removable hard drives. In order to prevent propagation and potential infection due to malware contained on removable media the operating system must be able to restrict and/or limit the use of removable media.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text ( C-54701r1_chk )
This command checks for the presence of the FireWire protocol kext (driver). This is the primary driver for FireWire communication and, if removed, will disable the ability to communicate with FireWire devices. If this command returns any value other than "No such file or directory" this is a finding.

ls -ld /System/Library/Extensions/IOFireWireSerialBusProtocolTransport.kext

The check to see if a configuration profile is configured to not allow external removable media, run the following command:

system_profiler SPConfigurationProfileDataType | grep -A 3 "harddisk-external" | sed 's/ //g' | tr "\n" " " | awk '{ print $2 $3 }'

If the result is not "eject,alert" this is a finding.
Fix Text (F-58689r1_fix)
To remove the driver for FireWire, run the following command:

sudo rm -Rf /System/Library/Extensions/IOFireWireSerialBusProtocolTransport.kext

This should be enforced by a configuration profile.