Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22530 | GEN007480 | SV-45975r1_rule | | Medium |
Description |
---|
The RDS protocol is a relatively new protocol developed by Oracle for communication between the nodes of a cluster. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2016-12-20 |
Check Text (C-43257r1_chk) |
---|
Ask the SA if RDS is required by application software running on the system. If so, this is not applicable. Verify the RDS protocol handler is prevented from dynamic loading. # grep 'install rds' /etc/modprobe.conf /etc/modprobe.conf.local /etc/modprobe.d/* | grep '/bin/true' If no result is returned, this is a finding. |
Fix Text (F-39340r1_fix) |
---|
Prevent the RDS protocol handler from dynamic loading. # echo "install rds /bin/true" >> /etc/modprobe.conf.local |
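
A stricter form of the check above, as an added example that is not part of the STIG text: the grep pipeline also matches commented-out lines, modules whose names merely begin with rds, and install lines that chain a second command after /bin/true. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: stricter GEN007480 audit than the grep pipeline in the check text.

# has_rds_block FILE: succeed only if FILE has an active line that is exactly
# "install rds /bin/true" (any whitespace between fields, no trailing command).
has_rds_block() {
    awk '
        /^[ \t]*#/ { next }   # commented-out directives do not count
        NF == 3 && $1 == "install" && $2 == "rds" && $3 == "/bin/true" { ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "$1"
}

# rds_blocked PATH...: check each file, and each file directly inside a directory.
rds_blocked() {
    for p in "$@"; do
        if [ -d "$p" ]; then
            for m in "$p"/*; do
                if [ -f "$m" ] && has_rds_block "$m"; then return 0; fi
            done
        elif [ -f "$p" ] && has_rds_block "$p"; then
            return 0
        fi
    done
    return 1
}

# write_samples DIR: constructed inputs, not taken from a real system.
write_samples() {
    printf 'install rds /bin/true\n'      > "$1/good.conf"
    printf '#install rds /bin/true\n'     > "$1/commented.conf"
    printf 'install rds_rdma /bin/true\n' > "$1/othermod.conf"
    printf 'install rds /bin/true && /sbin/modprobe --ignore-install rds\n' \
        > "$1/chained.conf"
}

# demo: print the verdict for each constructed sample file.
demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for s in "$d"/*.conf; do
        if rds_blocked "$s"; then r="not a finding"; else r="finding"; fi
        printf '%-16s %s\n' "${s##*/}" "$r"
    done
    rm -rf "$d"
}
demo
```

On a host, the call is `rds_blocked /etc/modprobe.conf /etc/modprobe.conf.local /etc/modprobe.d`, with a non-zero exit status meaning a finding.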