The system must have USB Mass Storage disabled unless needed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22579 | GEN008480 | SV-63179r1_rule | Low |
| Description |
|---|
| USB is a common computer peripheral interface. USB devices may include storage devices with the potential to install malicious software on a system or exfiltrate data |
| STIG | Date |
|---|---|
| Oracle Linux 5 Security Technical Implementation Guide | 2020-02-25 |
Details
| Check Text ( C-51909r1_chk ) |
|---|
| If the system needs USB storage, this vulnerability is not applicable. Check if usb-storage is prevented from loading. # grep 'install usb-storage /bin/true' /etc/modprobe.conf /etc/modprobe.d/* If no results are returned, this is a finding. |
| Fix Text (F-53755r1_fix) |
|---|
| Prevent the usb-storage module from loading. # echo 'install usb-storage /bin/true' >> /etc/modprobe.conf |