Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-214990 | UBTU-16-010580 | SV-214990r508033_rule | Medium |
Description |
---|
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers. |
STIG | Date |
---|---|
Canonical Ubuntu 16.04 LTS Security Technical Implementation Guide | 2020-09-03 |
Check Text ( C-16189r284838_chk ) |
---|
Verify that automatic mounting of the Universal Serial Bus (USB) mass storage driver has been disabled. Check that the USB mass storage drive has not been loaded with the following command: #lsmod | grep usb-storage If a "usb-storage" line is returned, this is a finding. Check that automatic mounting of the USB mass storage driver has been disabled with the following command: #sudo modprobe -vn usb-storage install /bin/true If “install /bin/true” is not returned, this is a finding. |
Fix Text (F-16187r284839_fix) |
---|
Disable the mounting of the Universal Serial Bus (USB) mass storage driver by running the following command: # sudo echo “install usb-storage /bin/true” >> /etc/modprobe.d/DISASTIG.conf |