
The Reliable Datagram Sockets (RDS) protocol must be disabled or not installed unless required.


Overview

Finding ID   Version     Rule ID                  IA Controls   Severity
V-227958     GEN007480   SV-227958r603266_rule                  Medium
Description
The Reliable Datagram Sockets (RDS) protocol is a relatively new protocol developed by Oracle for communication between the nodes of a cluster. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol.

Satisfies: SRG-OS-000096, SRG-OS-000510

STIG                                                      Date
Solaris 10 X86 Security Technical Implementation Guide    2022-09-07

Details

Check Text ( C-30120r490306_chk )
Ask the SA if RDS is required by application software running on the system. If so, this is not applicable.

Verify the RDS protocol handler is not installed.
# pkginfo | grep SUNWrds
If no results are returned, this is not a finding.

Verify the RDS protocol handler is prevented from dynamic loading.
# grep "exclude: rds" /etc/system
If no result is returned, this is a finding.
Fix Text (F-30108r490307_fix)
Remove the RDS protocol handler package.
# pkgrm SUNWrds

OR

Prevent the RDS protocol handler from dynamic loading.
# echo "exclude: rds" >> /etc/system
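
The check and the second fix option above, as an added shell example that is not part of the STIG text. It assumes a saved copy of the pkginfo listing and a path to the system file. The function names are illustrative, and it assumes a POSIX shell and an awk that supports the ?: operator.

```shell
#!/bin/sh
# Added example for GEN007480; function names are illustrative.
# Usage on a host (assumed file locations):
#   pkginfo > /tmp/pkginfo.out
#   check_gen007480 /tmp/pkginfo.out /etc/system

# Return 0 if the pkginfo listing in $1 mentions SUNWrds (same match as the check text).
rds_pkg_installed() {
    grep SUNWrds "$1" >/dev/null
}

# Return 0 only if $1 holds an active "exclude: rds" directive.
# Per system(4), lines starting with "*" or "#" are comments, so a plain
# grep for the string would also accept a commented-out directive or a
# different module name such as "exclude: rdsv3".
rds_excluded() {
    awk '/^[*#]/ { next }
         $1 == "exclude:" && $2 == "rds" { found = 1 }
         END { exit(found ? 0 : 1) }' "$1"
}

# Evaluate the check: $1 = pkginfo listing, $2 = system file.
# Returns 0 when not a finding, 1 when a finding.
check_gen007480() {
    if ! rds_pkg_installed "$1"; then
        echo "NOT A FINDING: SUNWrds is not installed"
        return 0
    fi
    if rds_excluded "$2"; then
        echo "NOT A FINDING: rds is excluded from dynamic loading"
        return 0
    fi
    echo "FINDING: SUNWrds installed and no active exclude: rds in $2"
    return 1
}

# Apply the second fix option to the system file in $1, appending the
# directive only when no active one exists so reruns do not stack duplicates.
apply_exclude() {
    rds_excluded "$1" || echo "exclude: rds" >> "$1"
}
```

Changes to /etc/system are read at boot, so a host remediated with apply_exclude should be rechecked after its next restart.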