The system must have USB Mass Storage disabled unless needed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22579 | GEN008480 | SV-38401r1_rule | ECSC-1 | Low |
| Description |
|---|
| USB is a common computer peripheral interface. USB devices may include storage devices that could be used to install malicious software on a system or exfiltrate data. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2018-09-14 |
Details
| Check Text ( C-36790r2_chk ) |
|---|
| On HP-UX systems with USB ports, the kernel module "usbd" is installed with the operating system. The "usbd" module enables and currently supports the use of a keyboard, a mouse and an optical drive. # /stand/system | grep -i usb # ioscan -fnC usb Ask the SA if the system requires USB mass storage. If the system requires the use of USB mass storage, this is not applicable. If the kernel module "usbd" is installed and the system does not require usb mass storage, this is a finding. |
| Fix Text (F-32169r2_fix) |
|---|
| If usb mass storage is not required and the system does not use the system's usb interface for keyboard/mouse input, remove the "usbd" module from the kernel, remake the kernel and reboot the system. Document the change(s). # smh |