OL6-00-000503 - The operating system must enforce requirements for the connection of mobile devices to operating systems.

Information

USB storage devices such as thumb drives can be used to introduce unauthorized software and other vulnerabilities. Support for these devices should be disabled and the devices themselves should be tightly controlled.

Solution

To prevent USB storage devices from being used, configure the kernel module loading system to prevent automatic loading of the USB storage driver. To configure the system to prevent the 'usb-storage' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

install usb-storage /bin/true

This will prevent the 'modprobe' program from loading the 'usb-storage' module, but will not prevent an administrator (or another program) from using the 'insmod' program to load the module manually.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V2R6_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-3, CAT|II, CCI|CCI-000778, Rule-ID|SV-219584r793841_rule, STIG-ID|OL6-00-000503, STIG-Legacy|SV-64823, STIG-Legacy|V-50617, Vuln-ID|V-219584

Plugin: Unix

Control ID: 735397ea51ccf90034cdac9239f4dcb3048794f4e04e10b3192abfc2efe3e568