
The Reliable Datagram Sockets (RDS) protocol must be disabled or not installed unless required.


Overview

Finding ID: V-22530
Version: GEN007480
Rule ID: SV-63451r1_rule
IA Controls: (none listed)
Severity: Medium
Description
The RDS protocol is a relatively new protocol developed by Oracle for communication between the nodes of a cluster. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2020-02-25

Details

Check Text (C-52151r1_chk)
Ask the SA if RDS is required by application software running on the system. If so, this is not applicable.

Verify the RDS protocol handler is prevented from dynamic loading.
# grep 'install rds /bin/true' /etc/modprobe.conf /etc/modprobe.d/*
If no result is returned, this is a finding.
Fix Text (F-54057r1_fix)
Prevent the RDS protocol handler from dynamic loading.
# echo "install rds /bin/true" >> /etc/modprobe.conf
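
The check's grep also matches a commented-out line such as "# install rds /bin/true", and the fix appends a duplicate line each time it is run. The following is an added example, not part of the STIG text, of a stricter check and an idempotent fix; the function names rds_install_disabled, rds_apply_fix and rds_demo are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not STIG text. Function names are hypothetical.

# Return 0 if any given file has an active (uncommented) line
# "install rds /bin/true"; return 1 otherwise.
rds_install_disabled() {
    for f in "$@"; do
        [ -f "$f" ] || continue   # unmatched glob or missing file
        # Anchored at line start so "# install rds /bin/true" is rejected;
        # any run of spaces or tabs may separate the fields.
        if grep -Eq '^[[:space:]]*install[[:space:]]+rds[[:space:]]+/bin/true[[:space:]]*$' "$f"; then
            return 0
        fi
    done
    return 1
}

# Idempotent form of the fix: append only when no active line exists,
# and start a new line first if the file lacks a trailing newline.
rds_apply_fix() {
    conf=$1
    rds_install_disabled "$conf" && return 0
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    echo "install rds /bin/true" >> "$conf"
}

# Demo on constructed sample files in a temp directory (never touches /etc).
rds_demo() {
    d=$(mktemp -d) || return 1
    printf '# install rds /bin/true\n' > "$d/commented.conf"
    printf 'install   rds\t/bin/true\n' > "$d/active.conf"
    printf 'alias eth0 e1000' > "$d/unfixed.conf"
    rds_apply_fix "$d/unfixed.conf"; rds_apply_fix "$d/unfixed.conf"
    for p in "$d"/*.conf; do
        if rds_install_disabled "$p"; then
            echo "${p##*/}: not a finding"
        else
            echo "${p##*/}: finding"
        fi
    done
    rm -rf "$d"
}
rds_demo
```

On a live system the check would be called as rds_install_disabled /etc/modprobe.conf /etc/modprobe.d/* and a non-zero return is a finding.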