Check: OL6-00-000126
Oracle Linux 6 STIG:
OL6-00-000126
(in versions v2 r7 through v1 r9)
Title
The Reliable Datagram Sockets (RDS) protocol must be disabled unless required. (Cat III impact)
Discussion
Disabling RDS protects the system against exploitation of any flaws in its implementation.
Check Content
If the system is configured to prevent the loading of the "rds" kernel module, it will contain lines inside any file in "/etc/modprobe.d" or the deprecated"/etc/modprobe.conf". These lines instruct the module-loading system to run another program (such as "/bin/true") upon a module "install" event. Run the following command to search for such lines in all files in "/etc/modprobe.d" and the deprecated "/etc/modprobe.conf": $ grep -r rds /etc/modprobe.conf /etc/modprobe.d If no line is returned, this is a finding. This is not a finding if the RDS service is required for proper system or application operation. Oracle Engineered Systems such as Exadata use the RDS service for InfiniBand-based communication with storage services.
Fix Text
The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed to provide reliable high- bandwidth, low-latency communications between nodes in a cluster. To configure the system to prevent the "rds" kernel module from being loaded, add the following line to a file in the directory "/etc/modprobe.d": install rds /bin/true
Additional Identifiers
Rule ID: SV-208868r793653_rule
Vulnerability ID: V-208868
Group Title: SRG-OS-000096
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000382 |
The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |