STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-219339r610963_rule
V-219339
SRG-OS-000378-GPOS-00163
UBTU-18-010509
CAT II
10
Configure the Ubuntu operating system to disable using the USB storage kernel module.
Create a file under "/etc/modprobe.d" to contain the following:
# sudo su -c "echo install usb-storage /bin/true >> /etc/modprobe.d/DISASTIG.conf"
Configure the operating system to disable the ability to use USB mass storage devices.
# sudo su -c "echo blacklist usb-storage >> /etc/modprobe.d/DISASTIG.conf"
Verify that Ubuntu operating system disables ability to load the USB storage kernel module.
# grep usb-storage /etc/modprobe.d/* | grep "/bin/true"
install usb-storage /bin/true
If the command does not return any output, or the line is commented out, this is a finding.
Verify the operating system disables the ability to use USB mass storage device.
# grep usb-storage /etc/modprobe.d/* | grep -i "blacklist"
blacklist usb-storage
If the command does not return any output, or the line is commented out, this is a finding.
V-219339
False
UBTU-18-010509
Verify that Ubuntu operating system disables ability to load the USB storage kernel module.
# grep usb-storage /etc/modprobe.d/* | grep "/bin/true"
install usb-storage /bin/true
If the command does not return any output, or the line is commented out, this is a finding.
Verify the operating system disables the ability to use USB mass storage device.
# grep usb-storage /etc/modprobe.d/* | grep -i "blacklist"
blacklist usb-storage
If the command does not return any output, or the line is commented out, this is a finding.
M
4055