STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The Reliable Datagram Sockets (RDS) protocol must be disabled unless required.

DISA Rule

SV-208868r603263_rule

Vulnerability Number

V-208868

Group Title

SRG-OS-000096

Rule Version

OL6-00-000126

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed to provide reliable high-bandwidth, low-latency communications between nodes in a cluster. To configure the system to prevent the "rds" kernel module from being loaded, add the following line to a file in the directory "/etc/modprobe.d":

install rds /bin/true

Check Contents

If the system is configured to prevent the loading of the "rds" kernel module, it will contain lines inside any file in "/etc/modprobe.d" or the deprecated "/etc/modprobe.conf". These lines instruct the module-loading system to run another program (such as "/bin/true") upon a module "install" event. Run the following command to search for such lines in all files in "/etc/modprobe.d" and the deprecated "/etc/modprobe.conf":

$ grep -r rds /etc/modprobe.conf /etc/modprobe.d

If no line is returned, this is a finding.

This is not a finding if the RDS service is required for proper system or application operation. Oracle Engineered Systems such as Exadata use the RDS service for InfiniBand-based communication with storage services.
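The grep above also returns commented-out lines and any other line that merely contains the string "rds". As an added example (not part of the STIG text), the following shell functions report only active `install rds <program>` lines; the function names `rds_install_lines` and `check_rds_disabled` are hypothetical.

```shell
#!/bin/sh
# Added example: stricter form of the check for OL6-00-000126.
# Function names are hypothetical; paths are passed as arguments so the
# check can be pointed at the real configuration or at a test copy.
# Usage: check_rds_disabled /etc/modprobe.conf /etc/modprobe.d

# Print "<file>: <line>" for every active "install rds <program>" line.
rds_install_lines() {
    for path in "$@"; do
        # The deprecated /etc/modprobe.conf is often absent; skip quietly.
        [ -e "$path" ] || continue
        find "$path" -type f -exec awk '
            /^[ \t]*#/ { next }    # comment lines do not disable anything
            # Field match avoids hits on other modules such as rds_tcp.
            $1 == "install" && $2 == "rds" && NF >= 3 {
                print FILENAME ": " $0
            }
        ' {} +
    done
}

# Return 0 (not a finding) if at least one active line exists, else 1.
check_rds_disabled() {
    hits=$(rds_install_lines "$@")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 0
    fi
    echo 'FINDING: no active "install rds" line found' >&2
    return 1
}
```

A result of 1 still has to be weighed against the exception above for systems that require RDS.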

Documentable

False

Severity Override Guidance

If the system is configured to prevent the loading of the "rds" kernel module, it will contain lines inside any file in "/etc/modprobe.d" or the deprecated "/etc/modprobe.conf". These lines instruct the module-loading system to run another program (such as "/bin/true") upon a module "install" event. Run the following command to search for such lines in all files in "/etc/modprobe.d" and the deprecated "/etc/modprobe.conf":

$ grep -r rds /etc/modprobe.conf /etc/modprobe.d

If no line is returned, this is a finding.

This is not a finding if the RDS service is required for proper system or application operation. Oracle Engineered Systems such as Exadata use the RDS service for InfiniBand-based communication with storage services.

Check Content Reference

M

Target Key

2928
