An error occurred:

Check: GEN008460

HP-UX 11.31 STIG: GEN008460 (in versions v1 r19 through v1 r13)

Title

The system must have USB disabled unless needed. (Cat III impact)

Discussion

USB is a common computer peripheral interface. USB devices may include storage devices that could be used to install malicious software on a system or exfiltrate data.

Check Content

# ioscan -fnC usb If the system uses USB, this is not applicable. By default, HP-UX systems tend to use both a USB keyboard and mouse. The following sample is a section of a system ioscan output showing the discovered USB controllers and devices. Notice, there are 3 NEC USB controllers. The first 2 USB controllers are OHCI (Open Host Controller Interface) controllers for low and full speed USB 1.0 and 1.1 devices. The 3rd USB controller is an EHCI (Enhanced Host Controller Interface) controller for high speed USB 2.0 devices. The first OHCI USB controller has a keyboard, a mouse, and a mass storage device attached. The second OHCI USB controller has no devices attached. The third USB controller, EHCI, has 2 mass storage devices attached. Class I H/W Path Driver S/W State H/W Type Description ================================================================================================ Usb 0 0/0/2/0 hcd CLAIMED INTERFACE NEC OHCI Controller usbcomp 0 0/0/2/0.1 usbcomposite CLAIMED DEVICE USB Composite Device usbhid 0 0/0/2/0.1.0 hid CLAIMED DEVICE USB HID Kbd(0) usbhid 1 0/0/2/0.1.1 hid CLAIMED DEVICE USB HID Pointer(1) usbms 0 0/0/2/0.1.2 ms CLAIMED DEVICE USB Mass Storage [0] usb 1 0/0/2/1 hcd CLAIMED INTERFACE NEC OHCI Controller usb 2 0/0/2/2 ehci CLAIMED INTERFACE NEC EHCI Controller usbms 2 0/0/2/2.2 ms CLAIMED DEVICE USB Mass Storage [1] usbms 3 0/0/2/2.3 ms CLAIMED DEVICE USB Mass Storage [2] Determine if the system has USB enabled. If it does, this is a finding.

Fix Text

Disable USB on the system. In doing so, remember the keyboard and mouse will no longer work.

Additional Identifiers

Rule ID: SV-38400r1_rule

Vulnerability ID: V-22578

Group Title: GEN008460

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings