Check: RHEL-09-291010
RHEL 9 STIG:
RHEL-09-291010
(in versions v2 r4 through v2 r3)
Title
RHEL 9 must be configured to disable USB mass storage. (Cat II impact)
Discussion
USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227
Check Content
Verify that RHEL 9 disables the ability to load the USB Storage kernel module with the following command: $ grep -r usb-storage /etc/modprobe.conf /etc/modprobe.d/* install usb-storage /bin/false blacklist usb-storage If the command does not return any output, or either line is commented out, and use of USB Storage is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
Fix Text
To configure the system to prevent the usb-storage kernel module from being loaded, add the following lines to the file "/etc/modprobe.d/usb-storage.conf" (or create "usb-storage.conf" if it does not exist): install usb-storage /bin/false blacklist usb-storage
Additional Identifiers
Rule ID: SV-258034r1051267_rule
Vulnerability ID: V-258034
Group Title: SRG-OS-000114-GPOS-00059
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000778 |
Uniquely identify organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection. |
| CCI-001958 |
Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection. |
| CCI-003959 |
Prohibit the use or connection of unauthorized hardware components. |
Controls
| Number | Title |
|---|---|
| IA-3 |
Device Identification and Authentication |