Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-227958 | GEN007480 | SV-227958r505926_rule | | Medium |
Description |
---|
The Reliable Datagram Sockets (RDS) protocol is a relatively new protocol developed by Oracle for communication between the nodes of a cluster. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol. Satisfies: SRG-OS-000096, SRG-OS-000510 |
STIG | Date |
---|---|
Solaris 10 X86 Security Technical Implementation Guide | 2020-09-04 |
Check Text (C-30120r490306_chk) |
---|
Ask the SA if RDS is required by application software running on the system. If so, this is not applicable. Verify the RDS protocol handler is not installed. `# pkginfo | grep SUNWrds` If no results are returned, this is not a finding. Verify the RDS protocol handler is prevented from dynamic loading. `# grep "exclude: rds" /etc/system` If no result is returned, this is a finding. |
Fix Text (F-30108r490307_fix) |
---|
Remove the RDS protocol handler package. `# pkgrm SUNWrds` OR Prevent the RDS protocol handler from dynamic loading. `# echo "exclude: rds" >> /etc/system` |
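
The check text above written as a script, added here as an example (it is not part of the STIG); the function name `rds_check`, its arguments and the sample files are assumptions. Unlike the plain `grep`, it skips `/etc/system` lines that start with `*`, which that file treats as comments, so a commented-out directive still counts as a finding.

```shell
# Added example, not STIG-supplied code: decision logic of the check text.
# Usage: rds_check PKGINFO_FILE SYSTEM_FILE [RDS_REQUIRED]
#   PKGINFO_FILE  saved output of `pkginfo`
#   SYSTEM_FILE   the host's /etc/system, or a copy of it
#   RDS_REQUIRED  "yes" if the SA confirms an application needs RDS
# Prints the verdict; returns 1 for "finding", 2 on unreadable input, else 0.
rds_check() {
    pkg_file=$1
    system_file=$2
    rds_required=${3:-no}

    if [ "$rds_required" = "yes" ]; then
        echo "not applicable"
        return 0
    fi
    # Fail closed: a missing input must not be read as "package absent".
    [ -r "$pkg_file" ] && [ -r "$system_file" ] ||
        { echo "error: unreadable input" >&2; return 2; }
    # Equivalent of: pkginfo | grep SUNWrds
    if grep SUNWrds "$pkg_file" >/dev/null 2>&1; then
        : # package installed, go on to the /etc/system test
    else
        echo "not a finding"
        return 0
    fi
    # Equivalent of: grep "exclude: rds" /etc/system, but lines starting
    # with '*' (comments in /etc/system) are dropped first, so a
    # commented-out directive does not count.
    if grep -v '^\*' "$system_file" | grep 'exclude: rds' >/dev/null; then
        echo "not a finding"
        return 0
    fi
    echo "finding"
    return 1
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/rds_check.XXXXXX")
printf 'system  SUNWcsr  constructed sample entry\n' > "$demo_dir/pkgs_clean"
printf 'system  SUNWrds  constructed sample entry\n' > "$demo_dir/pkgs_rds"
printf '* exclude: rds\n' > "$demo_dir/system_commented"
printf 'exclude: rds\n' > "$demo_dir/system_excluded"

rds_check "$demo_dir/pkgs_clean" "$demo_dir/system_commented" || true
rds_check "$demo_dir/pkgs_rds" "$demo_dir/system_excluded" || true
rds_check "$demo_dir/pkgs_rds" "$demo_dir/system_commented" || true
rds_check "$demo_dir/pkgs_rds" "$demo_dir/system_commented" yes || true
rm -rf "$demo_dir"
```

On a live host, save the package list first (`pkginfo > /tmp/pkgs.txt`) and pass it with `/etc/system` as the two arguments.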