Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-215394 | AIX7-00-003089 | SV-215394r508663_rule | | Medium |
Description |
---|
The Reliable Datagram Sockets (RDS) protocol is a relatively new protocol developed by Oracle for communication between the nodes of a cluster. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol. AIX installs the RDS protocol as part of the 'bos.net.tcp.client' fileset. The RDS protocol is primarily used for communication on InfiniBand interfaces. The protocol is manually loaded with the bypassctrl command. To prevent possible attacks, this protocol must be disabled unless required. |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2023-05-17 |
Check Text (C-16592r294633_chk) |
---|
Determine if RDS is currently loaded: # genkex | grep rds If there is any output from the command, this is a finding. |
Fix Text (F-16590r294634_fix) |
---|
Configure the system to not automatically load the RDS protocol handler. Check startup scripts for "bypassctrl load rds" and comment out the "bypassctrl" commands. Unload the driver from the kernel: # bypassctrl unload rds |
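
The check and the startup-script review above can be combined into one audit. The following is an added example, not part of the STIG text; the function names are hypothetical, and the list of startup scripts to inspect is supplied by the administrator because the STIG does not name them.

```shell
#!/bin/sh
# Added example (not STIG text): audits both conditions of V-215394.
# Function names are hypothetical; startup script paths are passed as arguments.

# rds_loaded: reads `genkex` output on stdin and succeeds (exit 0) when any
# line mentions rds, which is the finding condition in the Check Text.
rds_loaded() {
    grep rds >/dev/null
}

# rds_loader_lines FILE...: prints file:line:text for every active
# "bypassctrl load rds" command. Lines whose first non-blank character is '#'
# are treated as commented out, i.e. already remediated per the Fix Text.
rds_loader_lines() {
    # /dev/null as an extra operand forces grep to print the file name
    # even when only one file is given.
    grep -n 'bypassctrl[[:space:]][[:space:]]*load[[:space:]][[:space:]]*rds' \
        "$@" /dev/null 2>/dev/null |
        grep -v '^[^:]*:[0-9]*:[[:space:]]*#' || true
}

# audit_rds FILE...: runs both checks on a live AIX host.
# Returns 1 if either condition is a finding, 0 otherwise.
audit_rds() {
    status=0
    if genkex | rds_loaded; then
        echo "FINDING: RDS kernel extension is loaded (fix: bypassctrl unload rds)"
        status=1
    fi
    hits=$(rds_loader_lines "$@")
    if [ -n "$hits" ]; then
        echo "FINDING: startup script still loads RDS:"
        echo "$hits"
        status=1
    fi
    return $status
}
```

On an AIX host, run `audit_rds` as root with the startup scripts to inspect as arguments; a non-zero return means the system would reload RDS at boot or has it loaded now.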