OL07-00-020100 - The Oracle Linux operating system must be configured to disable USB mass storage - blacklist.

Information

USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity.

Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227

Solution

Configure the operating system to disable the ability to use the USB Storage kernel module.

Create a file under '/etc/modprobe.d' with the following command:

# touch /etc/modprobe.d/usb-storage.conf

Add the following line to the created file:

install usb-storage /bin/false

Configure the operating system to disable the ability to use USB mass storage devices.

# vi /etc/modprobe.d/blacklist.conf

Add or update the line:

blacklist usb-storage

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_7_V3R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-6b., 800-53|IA-3, CAT|II, CCI|CCI-000366, CCI|CCI-000778, CCI|CCI-001958, Rule-ID|SV-221712r958498_rule, STIG-ID|OL07-00-020100, STIG-Legacy|SV-108267, STIG-Legacy|V-99163, Vuln-ID|V-221712

Plugin: Unix

Control ID: bcbd9cf5b75c544f3f537682c273037b385f3da26773c6a2977bf7c9c87f80a4