UCF STIG Viewer Logo

The system must have USB disabled unless needed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22578 GEN008460 SV-38400r1_rule ECSC-1 Low
Description
USB is a common computer peripheral interface. USB devices may include storage devices that could be used to install malicious software on a system or exfiltrate data.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2018-09-14

Details

Check Text ( C-36789r1_chk )
# ioscan -fnC usb

If the system uses USB, this is not applicable. By default, HP-UX systems tend to use both a USB keyboard and mouse. The following sample is a section of a system ioscan output showing the discovered USB controllers and devices. Notice, there are 3 NEC USB controllers. The first 2 USB controllers are OHCI (Open Host Controller Interface) controllers for low and full speed USB 1.0 and 1.1 devices. The 3rd USB controller is an EHCI (Enhanced Host Controller Interface) controller for high speed USB 2.0 devices. The first OHCI USB controller has a keyboard, a mouse, and a mass storage device attached. The second OHCI USB controller has no devices attached. The third USB controller, EHCI, has 2 mass storage devices attached.

Class I H/W Path Driver S/W State H/W Type Description
================================================================================================
Usb 0 0/0/2/0 hcd CLAIMED INTERFACE NEC OHCI Controller
usbcomp 0 0/0/2/0.1 usbcomposite CLAIMED DEVICE USB Composite Device
usbhid 0 0/0/2/0.1.0 hid CLAIMED DEVICE USB HID Kbd(0)
usbhid 1 0/0/2/0.1.1 hid CLAIMED DEVICE USB HID Pointer(1)
usbms 0 0/0/2/0.1.2 ms CLAIMED DEVICE USB Mass Storage [0]
usb 1 0/0/2/1 hcd CLAIMED INTERFACE NEC OHCI Controller
usb 2 0/0/2/2 ehci CLAIMED INTERFACE NEC EHCI Controller
usbms 2 0/0/2/2.2 ms CLAIMED DEVICE USB Mass Storage [1]
usbms 3 0/0/2/2.3 ms CLAIMED DEVICE USB Mass Storage [2]


Determine if the system has USB enabled. If it does, this is a finding.
Fix Text (F-32168r1_fix)
Disable USB on the system. In doing so, remember the keyboard and mouse will no longer work.