UCF STIG Viewer Logo

The system must have USB Mass Storage disabled unless needed.


Finding ID Version Rule ID IA Controls Severity
V-89603 VRAU-SL-000450 SV-100253r1_rule Medium
USB is a common computer peripheral interface. USB devices may include storage devices that could be used to install malicious software on a system or exfiltrate data.
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide 2018-10-12


Check Text ( C-89295r1_chk )
If the system needs USB storage, this vulnerability is not applicable.

Check if "usb-storage" is prevented from loading:

# grep "install usb-storage /bin/true" /etc/modprobe.conf /etc/modprobe.conf.local /etc/modprobe.d/*

If no results are returned, this is a finding.
Fix Text (F-96345r1_fix)
Prevent the "usb-storage" module from loading:

# echo "install usb-storage /bin/true" >> /etc/modprobe.conf.local