STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

RHEL 8 must disable IEEE 1394 (FireWire) Support.

DISA Rule

SV-230499r627750_rule

Vulnerability Number

V-230499

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

RHEL-08-040026

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to disable the ability to use the firewire-core kernel module.

Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":

install firewire-core /bin/true
blacklist firewire-core

Reboot the system for the settings to take effect.

Check Contents

Verify the operating system disables the ability to load the firewire-core kernel module.

$ sudo grep -ri firewire-core /etc/modprobe.d/* | grep -i "/bin/true"

install firewire-core /bin/true

If the command does not return any output, or the line is commented out, and use of the firewire-core protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Verify the operating system disables the ability to use the firewire-core kernel module.

Check to see if the firewire-core kernel module is disabled with the following command:

$ sudo grep -ri firewire-core /etc/modprobe.d/* | grep -i "blacklist"

blacklist firewire-core

If the command does not return any output or the output is not "blacklist firewire-core", and use of the firewire-core kernel module is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
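The two checks above, combined into one script that ignores commented-out lines. This is an added example, not part of the STIG; the function name check_module_disabled and its arguments are assumptions, and the demonstration files are constructed.

```shell
#!/bin/sh
# Added example (not part of the STIG): the function name and its arguments
# are assumptions of this sketch.
# Usage: check_module_disabled [DIR] [MODULE]; returns 0 if compliant, 1 if a finding.
check_module_disabled() {
    dir=${1:-/etc/modprobe.d}
    module=${2:-firewire-core}
    # modprobe treats '-' and '_' in module names as the same character.
    name=$(printf '%s' "$module" | sed 's/[-_]/[-_]/g')
    ws='[[:space:]]'
    status=0
    # Anchoring at line start rejects commented-out entries, which the
    # rule's plain grep would still print. modprobe reads only *.conf files.
    if ! cat "$dir"/*.conf 2>/dev/null |
        grep -Eq "^${ws}*install${ws}+${name}${ws}+/bin/true${ws}*\$"; then
        echo "FINDING: no active 'install $module /bin/true' in $dir"
        status=1
    fi
    if ! cat "$dir"/*.conf 2>/dev/null |
        grep -Eq "^${ws}*blacklist${ws}+${name}${ws}*\$"; then
        echo "FINDING: no active 'blacklist $module' in $dir"
        status=1
    fi
    return "$status"
}

# Demonstration on constructed files in a temporary directory.
demo=$(mktemp -d)
printf '%s\n' '#install firewire-core /bin/true' 'blacklist firewire-core' \
    > "$demo/blacklist.conf"
check_module_disabled "$demo" || echo "commented-out install line: finding"
printf '%s\n' 'install firewire-core /bin/true' 'blacklist firewire_core' \
    > "$demo/blacklist.conf"
check_module_disabled "$demo" && echo "both lines active: compliant"
rm -rf "$demo"
```

A finding reported by the script still has to be weighed against any ISSO-documented operational requirement, which the script cannot see.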

Documentable

False

Check Content Reference

M

Target Key

2921