OL08-00-040020 - OL 8 must cover or disable the built-in or attached camera when not in use.

Information

It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.

Failing to disconnect from collaborative computing devices (i.e., cameras) can result in subsequent compromises of organizational information. Providing easy methods to physically disconnect from such devices after a collaborative computing session helps to ensure participants actually carry out the disconnect activity without having to go through complex and tedious procedures.

Solution

Configure OL 8 to disable the built-in or attached camera when not in use.

Build or modify the '/etc/modprobe.d/blacklist.conf' file by using the following example:

install uvcvideo /bin/false
blacklist uvcvideo

Reboot the system for the settings to take effect.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_8_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-248828r958478_rule, STIG-ID|OL08-00-040020, Vuln-ID|V-248828

Plugin: Unix

Control ID: 978a43d34d37a6ccf445cad2163ff8b0c9d9ee4ccf58f3beff4acdab27339e3c