OL 9 must be configured to disable the FireWire kernel module.

STIG ID: OL09-00-000042  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-271445

Vulnerability Discussion

Disabling firewire protects the system against exploitation of any flaws in its implementation.

Check

Verify that OL 9 disables the ability to load the firewire-core kernel module with the following command:

$ grep -r firewire-core /etc/modprobe.conf /etc/modprobe.d/*
install firewire-core /bin/true
blacklist firewire-core

If the command does not return any output, or the line is commented out, and use of firewire-core is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.

Fix

Configure OL 9 to prevent the firewire-core kernel module from being loaded.

Add the following line to the file /etc/modprobe.d/firewire-core.conf (or create firewire-core.conf if it does not exist):

install firewire-core /bin/true
blacklist firewire-core
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.