The Red Hat Enterprise Linux operating system must be configured to disable USB mass storage.

An XCCDF Rule

Details
Profiles

Description

USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227

ID: SV-204449r942894_rule
Version: RHEL-07-020100
Severity: Medium
References: CCI-000366 CCI-000778 CCI-001958
Updated: 5 days ago

Remediation Templates

Configure the operating system to disable the ability to use the USB Storage kernel module.

Create a file under "/etc/modprobe.d" with the following command:

     # touch /etc/modprobe.d/usb-storage.conf
Add the following line to the created file:

     install usb-storage /bin/false

Configure the operating system to disable the ability to use USB mass storage devices.

     # vi /etc/modprobe.d/blacklist.conf

Add or update the line:

     blacklist usb-storage

The Red Hat Enterprise Linux operating system must be configured to disable USB mass storage.

Description

Remediation Templates

A Manual Procedure