Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-51001 | OL6-00-000126 | SV-65207r1_rule | Low |
Description |
---|
Disabling RDS protects the system against exploitation of any flaws in its implementation. |
STIG | Date |
---|---|
Oracle Linux 6 Security Technical Implementation Guide | 2016-06-05 |
Check Text ( C-53443r1_chk ) |
---|
If the system is configured to prevent the loading of the "rds" kernel module, it will contain lines inside any file in "/etc/modprobe.d" or the deprecated"/etc/modprobe.conf". These lines instruct the module-loading system to run another program (such as "/bin/true") upon a module "install" event. Run the following command to search for such lines in all files in "/etc/modprobe.d" and the deprecated "/etc/modprobe.conf": $ grep -r rds /etc/modprobe.conf /etc/modprobe.d If no line is returned, this is a finding. This is not a finding if the RDS service is required for proper system or application operation. Oracle Engineered Systems such as Exadata use the RDS service for InfiniBand-based communication with storage services. |
Fix Text (F-55805r1_fix) |
---|
The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed to provide reliable high- bandwidth, low-latency communications between nodes in a cluster. To configure the system to prevent the "rds" kernel module from being loaded, add the following line to a file in the directory "/etc/modprobe.d": install rds /bin/true |