STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system must have USB Mass Storage disabled unless needed.

DISA Rule

SV-227978r603266_rule

Vulnerability Number

V-227978

Group Title

SRG-OS-000480

Rule Version

GEN008480

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Prevent the USB drivers from loading:
# echo "exclude: usb_ac" >> /etc/system
# echo "exclude: usb_as" >> /etc/system
# echo "exclude: hid" >> /etc/system
# echo "exclude: scsa2usb" >> /etc/system
# echo "exclude: usbprn" >> /etc/system
# echo "exclude: usbser_edge" >> /etc/system

The system must be restarted for these changes to take effect.

Check Contents

If the system needs a particular USB driver for storage, this vulnerability is not applicable.

Check the current loaded kernel modules:

# modinfo | grep usb_ac
# modinfo | grep usb_as
# modinfo | grep hid
# modinfo | grep scsa2usb
# modinfo | grep usbprn
# modinfo | grep usbser_edge

If any command produces output, this is a finding.

Check the configuration of the /etc/system file:

# grep 'exclude: usb_ac' /etc/system
# grep 'exclude: usb_as' /etc/system
# grep 'exclude: hid' /etc/system
# grep 'exclude: scsa2usb' /etc/system
# grep 'exclude: usbprn' /etc/system
# grep 'exclude: usbser_edge' /etc/system

If no results are returned from any particular command, this is a finding.

The system must have USB Mass Storage disabled unless needed.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments