Title

The Transparent Inter-Process Communication (TIPC) protocol must be disabled unless required. (Cat II impact)

Discussion

Disabling TIPC protects the system against exploitation of any flaws in its implementation.

Check Content

If the system is configured to prevent the loading of the "tipc" kernel module, it will contain lines inside any file in "/etc/modprobe.d" or the deprecated"/etc/modprobe.conf". These lines instruct the module loading system to run another program (such as "/bin/true") upon a module "install" event. Run the following command to search for such lines in all files in "/etc/modprobe.d" and the deprecated "/etc/modprobe.conf": $ grep -r tipc /etc/modprobe.conf /etc/modprobe.d | grep -i “/bin/true”| grep -v “#” If no line is returned, this is a finding.

Fix Text

The Transparent Inter-Process Communication (TIPC) protocol is designed to provide communications between nodes in a cluster. To configure the system to prevent the "tipc" kernel module from being loaded, add the following line to a file in the directory "/etc/modprobe.d": install tipc /bin/true

Additional Identifiers

Rule ID: SV-217937r603264_rule

Vulnerability ID: V-217937

Group Title: SRG-OS-000096

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.