OL 8 must be configured to disable the ability to use USB mass storage devices.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-248837	OL08-00-040080	SV-248837r780077_rule		Medium

Description
USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity.

STIG	Date
Oracle Linux 8 Security Technical Implementation Guide	2021-07-21

Details

Check Text ( C-52271r780075_chk )
Determine if USB mass storage is disabled with the following command: $ sudo grep usb-storage /etc/modprobe.d/* \| grep -i "blacklist" \| grep -v "^#" /etc/modprobe.d/blacklist.conf:blacklist usb-storage If the command does not return any output or the output is not "blacklist usb-storage", and use of USB storage devices is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Check Text ( C-52271r780075_chk )

Determine if USB mass storage is disabled with the following command:

$ sudo grep usb-storage /etc/modprobe.d/* | grep -i "blacklist" | grep -v "^#"

/etc/modprobe.d/blacklist.conf:blacklist usb-storage

If the command does not return any output or the output is not "blacklist usb-storage", and use of USB storage devices is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Fix Text (F-52225r780076_fix)
Configure OL 8 to disable the ability to use USB mass storage devices. $ sudo vi /etc/modprobe.d/blacklist.conf Add or update the line: blacklist usb-storage