STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must disable the USB mass storage kernel module.

DISA Rule

SV-234856r622137_rule

Vulnerability Number

V-234856

Group Title

SRG-OS-000378-GPOS-00163

Rule Version

SLES-15-010480

Severity

CAT II

CCI(s)

• CCI-001958 - The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection.

Weight

10

Fix Recommendation

Configure the SUSE operating system to prevent USB mass storage devices from automounting when connected to the host.

Add or update the following line to the "/etc/modprobe.d/50-blacklist.conf" file:

blacklist usb-storage

Check Contents

Verify the SUSE operating system does not automount USB mass storage devices when connected to the host.

Check that "usb-storage" is blacklisted in the "/etc/modprobe.d/50-blacklist.conf" file with the following command:

> grep usb-storage /etc/modprobe.d/50-blacklist.conf
blacklist usb-storage

If nothing is output from the command, this is a finding.

Vulnerability Number

V-234856

Documentable

False

Rule Version

SLES-15-010480

Severity Override Guidance

Verify the SUSE operating system does not automount USB mass storage devices when connected to the host.

Check that "usb-storage" is blacklisted in the "/etc/modprobe.d/50-blacklist.conf" file with the following command:

> grep usb-storage /etc/modprobe.d/50-blacklist.conf
blacklist usb-storage

If nothing is output from the command, this is a finding.

Check Content Reference

M

Target Key

5274

Comments