STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230524r627750_rule
V-230524
SRG-OS-000378-GPOS-00163
RHEL-08-040140
CAT II
10
Configure the operating system to enable the blocking of unauthorized peripherals with the following commands:
$ sudo yum install usbguard.x86_64
$ sudo usbguard generate-policy > /etc/usbguard/rules.conf
$ sudo systemctl enable usbguard.service
$ sudo systemctl start usbguard.service
Note: Enabling and starting usbguard without properly configuring it for an individual system will immediately prevent any access over a usb device such as a keyboard or mouse
Verify the operating system has enabled the use of USBGuard with the following command:
$ sudo systemctl status usbguard.service
usbguard.service - USBGuard daemon
Loaded: loaded (/usr/lib/systemd/system/usbguard.service; enabled; vendor preset: disabled)
Active: active (running)
If the usbguard.service is not installed and active, ask the SA to indicate how unauthorized peripherals are being blocked.
If there is no evidence that unauthorized peripherals can be blocked before establishing a connection, this is a finding.
V-230524
False
RHEL-08-040140
Verify the operating system has enabled the use of USBGuard with the following command:
$ sudo systemctl status usbguard.service
usbguard.service - USBGuard daemon
Loaded: loaded (/usr/lib/systemd/system/usbguard.service; enabled; vendor preset: disabled)
Active: active (running)
If the usbguard.service is not installed and active, ask the SA to indicate how unauthorized peripherals are being blocked.
If there is no evidence that unauthorized peripherals can be blocked before establishing a connection, this is a finding.
M
2921