Check: RHEL-09-291010
RHEL 9 STIG:
RHEL-09-291010
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must be configured to disable USB mass storage. (Cat II impact)
Discussion
USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227
Check Content
Verify that RHEL 9 disables the ability to load the USB Storage kernel module with the following command: $ sudo grep -r usb-storage /etc/modprobe.conf /etc/modprobe.d/* blacklist usb-storage If the command does not return any output, or the line is commented out, and use of USB Storage is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
Fix Text
To configure the system to prevent the usb-storage kernel module from being loaded, add the following line to the file /etc/modprobe.d/usb-storage.conf (or create usb-storage.conf if it does not exist): install usb-storage /bin/false blacklist usb-storage
Additional Identifiers
Rule ID: SV-258034r926089_rule
Vulnerability ID: V-258034
Group Title: SRG-OS-000114-GPOS-00059
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-000778 |
The information system uniquely identifies an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection. |
| CCI-001958 |
The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection. |