{"description": "\nThe <code>usbguard</code> package can be installed with the following command:\n<pre>\n$ apt-get install usbguard</pre>", "rationale": "<tt>usbguard</tt> is a software framework that helps to protect\nagainst rogue USB devices by implementing basic whitelisting/blacklisting\ncapabilities based on USB device attributes.", "severity": "medium", "references": {"nist": ["CM-8(3)", "IA-3"], "ospp": ["FMT_SMF_EXT.1"], "srg": ["SRG-OS-000378-GPOS-00163", "SRG-APP-000141-CTR-000315"], "ism": ["1418"]}, "control_references": {"ism": ["1418"]}, "components": [], "identifiers": {}, "ocil_clause": "the package is not installed", "ocil": " Run the following command to determine if the <code>usbguard</code> package is installed: <pre>$ dpkg -l  usbguard</pre>", "oval_external_content": null, "fixtext": "The <code>usbguard</code> package can be installed with the following command:\n<pre>\n$ apt-get install usbguard</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": " Ubuntu 22.04 must have the usbguard package installed.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must have the USBGuard package installed.", "vuldiscussion": "The USBguard-daemon is the main component of the USBGuard software framework. It runs as a service in the background and enforces the USB device authorization policy for all USB devices. The policy is defined by a set of rules using a rule language described in the usbguard-rules.conf file. The policy and the authorization state of USB devices can be modified during runtime using the usbguard tool.\n\nThe system administrator (SA) must work with the site information system security officer (ISSO) to determine a list of authorized peripherals and establish rules within the USBGuard software framework to allow only authorized devices.", "checktext": "Verify USBGuard is installed on the operating system with the following command:\n\n$ sudo dnf list installed usbguard\n\nExample output:\n\nInstalled Packages\nusbguard.x86_64          1.0.0-10.el9_1.2          @rhel-9-for-x86_64-appstream-rpms\n\nIf the USBGuard package is not installed, ask the SA to indicate how unauthorized peripherals are being blocked.\n\nIf there is no evidence that unauthorized peripherals are being blocked before establishing a connection, this is a finding.\n\nIf the system is virtual machine with no virtual or physical USB peripherals attached, this is not a finding.", "fixtext": "Install the usbguard package with the following command:\n\n$ sudo dnf install usbguard\n\nEnable the service to start on boot and then start it with the following commands:\n$ sudo systemctl enable usbguard\n$ sudo systemctl start usbguard\n\nVerify the status of the service with the following command:\n$ sudo systemctl status usbguard\n\nNote: usbguard will need to be configured to allow authorized devices once it is enabled on Ubuntu 22.04."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["not_s390x_arch and system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["not_s390x_arch_and_system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Install usbguard Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml", "template": {"name": "package_installed", "vars": {"pkgname": "usbguard"}, "backends": {}}}