Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22530 | GEN007480 | SV-63451r1_rule | ECSC-1 | Medium |
Description |
---|
The RDS protocol is a relatively new protocol developed by Oracle for communication between the nodes of a cluster. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-06-05 |
Check Text ( C-52151r1_chk ) |
---|
Ask the SA if RDS is required by application software running on the system. If so, this is not applicable. Verify the RDS protocol handler is prevented from dynamic loading. # grep 'install rds /bin/true' /etc/modprobe.conf /etc/modprobe.d/* If no result is returned, this is a finding. |
Fix Text (F-54057r1_fix) |
---|
Prevent the RDS protocol handler for dynamic loading. # echo "install rds /bin/true" >> /etc/modprobe.conf |