Title

USB drives automatically load when inserted into the ESX Server host. (Cat II impact)

Discussion

External USB drives may be inserted into the ESX Server and be loaded automatically on the service console. The USB drive will still need to be mounted, but drivers are loaded to recognize the device. Malicious users may be able to run malicious code on the ESX Server and go undetected since the USB drive is external. Therefore, USB drives will not be loaded automatically within the ESX Server.

Check Content

At the ESX Server service console terminal, type the following: # grep usb /etc/modules.conf Verify that all “alias usb-controller“ text is commented out with a pound sign (#). Text should look similar to the following: # alias usb-controller usb-uhci # alias usb-controller1 usb-ohci If not, this is a finding. Caveat: This is not applicable to usb keyboards and mice that are plugged into the system. If this is the case, this check is Not Applicable.

Fix Text

Disable the external USB drive from loading automatically.

Additional Identifiers

Rule ID: SV-16732r1_rule

Vulnerability ID: V-15793

Group Title: USB drives automatically load on ESX Server host.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.