UCF STIG Viewer Logo

The system must have USB Mass Storage disabled unless needed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22579 GEN008480 SV-26970r4_rule ECSC-1 Low
Description
USB is a common computer peripheral interface. USB devices may include storage devices that could be used to install malicious software on a system or exfiltrate data.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-27917r6_chk )
If the system needs a particular USB driver for storage, this vulnerability is not applicable.

Check the current loaded kernel modules:

# modinfo | grep usb_ac
# modinfo | grep usb_as
# modinfo | grep hid
# modinfo | grep scsa2usb
# modinfo | grep usbprn
# modinfo | grep usbser_edge

If any command produces output, this is a finding.

Check the configuration of the /etc/system file:

# grep 'exclude: usb_ac' /etc/system
# grep 'exclude: usb_as' /etc/system
# grep 'exclude: hid' /etc/system
# grep 'exclude: scsa2usb' /etc/system
# grep 'exclude: usbprn' /etc/system
# grep 'exclude: usbser_edge' /etc/system

If no results are returned from any particular command, this is a finding.
Fix Text (F-24232r6_fix)
Prevent the USB drivers from loading:
# echo "exclude: usb_ac" >> /etc/system
# echo "exclude: usb_as" >> /etc/system
# echo "exclude: hid" >> /etc/system
# echo "exclude: scsa2usb" >> /etc/system
# echo "exclude: usbprn" >> /etc/system
# echo "exclude: usbser_edge" >> /etc/system

The system must be restarted for these changes to take effect.