UCF STIG Viewer Logo

The Datagram Congestion Control Protocol (DCCP) must be disabled unless required.


Overview

Finding ID Version Rule ID IA Controls Severity
V-208866 OL6-00-000124 SV-208866r793651_rule Medium
Description
Disabling DCCP protects the system against exploitation of any flaws in its implementation.
STIG Date
Oracle Linux 6 Security Technical Implementation Guide 2021-12-03

Details

Check Text ( C-9119r357578_chk )
If the system is configured to prevent the loading of the "dccp" kernel module, it will contain lines inside any file in "/etc/modprobe.d" or the deprecated"/etc/modprobe.conf". These lines instruct the module loading system to run another program (such as "/bin/true") upon a module "install" event. Run the following command to search for such lines in all files in "/etc/modprobe.d" and the deprecated "/etc/modprobe.conf":

grep -r dccp /etc/modprobe.conf /etc/modprobe.d | grep -i “/bin/true”

If no line is returned, this is a finding.
Fix Text (F-9119r357579_fix)
The Datagram Congestion Control Protocol (DCCP) is a relatively new transport layer protocol, designed to support streaming media and telephony. To configure the system to prevent the "dccp" kernel module from being loaded, add the following line to a file in the directory "/etc/modprobe.d":

install dccp /bin/true