Check: RHEL-09-291010
RHEL 9 STIG:
RHEL-09-291010
(in versions v2 r2 through v1 r1)
Title
RHEL 9 must be configured to disable USB mass storage. (Cat II impact)
Discussion
USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227
Check Content
Verify that RHEL 9 disables the ability to load the USB Storage kernel module with the following command: $ sudo grep -r usb-storage /etc/modprobe.conf /etc/modprobe.d/* blacklist usb-storage If the command does not return any output, or the line is commented out, and use of USB Storage is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
Fix Text
To configure the system to prevent the usb-storage kernel module from being loaded, add the following line to the file /etc/modprobe.d/usb-storage.conf (or create usb-storage.conf if it does not exist): install usb-storage /bin/false blacklist usb-storage
Additional Identifiers
Rule ID: SV-258034r997116_rule
Vulnerability ID: V-258034
Group Title: SRG-OS-000114-GPOS-00059
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
Implement the security configuration settings. |
| CCI-000778 |
Uniquely identify organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection. |
| CCI-001958 |
Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection. |
| CCI-003959 |
Prohibit the use or connection of unauthorized hardware components. |