Check: RIIM-OS-291010
Riverbed NetIM OS STIG:
RIIM-OS-291010
(in version v1 r1)
Title
Ubuntu OS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver. (Cat II impact)
Discussion
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers. Satisfies: SRG-OS-000378-GPOS-00163, SRG-OS-000690-GPOS-00140
Check Content
Verify Ubuntu OS disables ability to load the USB storage kernel module by using the following command: $ grep usb-storage /etc/modprobe.d/* | grep "/bin/false" /etc/modprobe.d/stig.conf:install usb-storage /bin/false If the command does not return any output, or the line is commented out, this is a finding. Verify Ubuntu OS disables the ability to use USB mass storage device. $ grep usb-storage /etc/modprobe.d/* | grep -i "blacklist" /etc/modprobe.d/stig.conf:blacklist usb-storage If the command does not return any output, or the line is commented out, this is a finding.
Fix Text
Configure Ubuntu OS to disable using the USB storage kernel module. Create and/or append a custom file under "/etc/modprobe.d/" to contain the following: $ sudo su -c "echo install usb-storage /bin/false >> /etc/modprobe.d/stig.conf" Configure Ubuntu OS to disable the ability to use USB mass storage devices. $ sudo su -c "echo blacklist usb-storage >> /etc/modprobe.d/stig.conf"
Additional Identifiers
Rule ID: SV-275631r1147943_rule
Vulnerability ID: V-275631
Group Title: SRG-OS-000378-GPOS-00163
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001958 |
Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection. |
| CCI-003959 |
Prohibit the use or connection of unauthorized hardware components. |