GEN008460 - The system must have USB disabled unless needed - '/proc/bus/usb'

Information

USB is a common computer peripheral interface. USB devices may include storage devices with the potential to install malicious software on a system or exfiltrate data.

Solution

Edit the grub bootloader file '/boot/grub/grub.conf' or '/boot/grub/menu.lst' by appending the 'nousb' parameter to the kernel boot line.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-218714r603259_rule, STIG-ID|GEN008460, STIG-Legacy|SV-63189, STIG-Legacy|V-22578, Vuln-ID|V-218714

Plugin: Unix

Control ID: 69fc0446ff91fdf94e7d37933f940124a187ef258f042e75411d0bab39c2926b