Check: GEN008480
Solaris 10 SPARC STIG:
GEN008480
(in versions v2 r4 through v1 r19)
Title
The system must have USB Mass Storage disabled unless needed. (Cat III impact)
Discussion
USB is a common computer peripheral interface. USB devices may include storage devices that could be used to install malicious software on a system or exfiltrate data.
Check Content
If the system needs a particular USB driver for storage, this vulnerability is not applicable. Check the current loaded kernel modules: # modinfo | grep usb_ac # modinfo | grep usb_as # modinfo | grep hid # modinfo | grep scsa2usb # modinfo | grep usbprn # modinfo | grep usbser_edge If any command produces output, this is a finding. Check the configuration of the /etc/system file: # grep 'exclude: usb_ac' /etc/system # grep 'exclude: usb_as' /etc/system # grep 'exclude: hid' /etc/system # grep 'exclude: scsa2usb' /etc/system # grep 'exclude: usbprn' /etc/system # grep 'exclude: usbser_edge' /etc/system If no results are returned from any particular command, this is a finding.
Fix Text
Prevent the USB drivers from loading: # echo "exclude: usb_ac" >> /etc/system # echo "exclude: usb_as" >> /etc/system # echo "exclude: hid" >> /etc/system # echo "exclude: scsa2usb" >> /etc/system # echo "exclude: usbprn" >> /etc/system # echo "exclude: usbser_edge" >> /etc/system The system must be restarted for these changes to take effect.
Additional Identifiers
Rule ID: SV-227069r603265_rule
Vulnerability ID: V-227069
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |