STIG ID: SLES-15-010480 | SRG: SRG-OS-000378-GPOS-00163 | Severity: medium | CCI: | Vulnerability Id: V-234856
Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
Peripherals include but are not limited to such devices as flash drives, external storage, and printers.
Configure the SUSE operating system to prevent USB mass storage devices from automounting when connected to the host.
Add or update the following line to the "/etc/modprobe.d/50-blacklist.conf" file:
blacklist usb-storage
Verify the SUSE operating system does not automount USB mass storage devices when connected to the host.
Check that "usb-storage" is blacklisted in the "/etc/modprobe.d/50-blacklist.conf" file with the following command:
> grep usb-storage /etc/modprobe.d/50-blacklist.conf
blacklist usb-storage
If nothing is output from the command, this is a finding.