SV-257807.rb
control 'SV-257807' do
  title 'RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.'
  desc 'It is detrimental for operating systems to provide, or install by
default, functionality exceeding requirements or mission objectives. These
unnecessary capabilities or services are often overlooked and therefore may
remain unsecured. They increase the risk to the platform by providing
additional attack vectors.
Failing to disconnect unused protocols can result in a system compromise.
The Stream Control Transmission Protocol (SCTP) is a transport layer
protocol, designed to support the idea of message-oriented communication, with
several streams of messages within one connection. Disabling SCTP protects the
system against exploitation of any flaws in its implementation.'
  desc 'check', 'Verify that RHEL 9 disables the ability to load the sctp kernel module with the following command:
$ sudo grep -r sctp /etc/modprobe.conf /etc/modprobe.d/*
blacklist sctp
If the command does not return any output, or the line is commented out, and use of sctp is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.'
  desc 'fix', 'To configure the system to prevent the sctp kernel module from being loaded, add the following line to the file /etc/modprobe.d/sctp.conf (or create sctp.conf if it does not exist):
install sctp /bin/false
blacklist sctp'
  impact 0.5
  ref 'DPMS Target Red Hat Enterprise Linux 9'
  tag severity: 'medium'
  tag gtitle: 'SRG-OS-000095-GPOS-00049'
  tag gid: 'V-257807'
  tag rid: 'SV-257807r958478_rule'
  tag stig_id: 'RHEL-09-213060'
  tag fix_id: 'F-61472r952165_fix'
  tag cci: ['CCI-000381']
  tag nist: ['CM-7 a']
  tag 'host'

  # Skip inside Docker containers, where this control is Not Applicable.
  only_if('This control is Not Applicable to containers', impact: 0.0) {
    !virtualization.system.eql?('docker')
  }

  # A documented operational requirement for SCTP (profile input) makes the control N/A.
  if input('sctp_required')
    impact 0.0
    describe 'N/A' do
      skip "Profile inputs indicate that this parameter's setting is a documented operational requirement"
    end
  else
    # Otherwise the module must be both disabled and blacklisted.
    describe kernel_module('sctp') do
      it { should be_disabled }
      it { should be_blacklisted }
    end
  end
end
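
An added example, not part of the profile: a small Ruby parser over modprobe.d-style text that reports whether both directives the describe block expects are active, skipping commented-out lines (which the grep in the check text would still print). The function names, the constant and the sample inputs are constructed for illustration, and the ISSO-documented exception is not modelled.

```ruby
# Added example: evaluate modprobe.d-style text for the two directives in the
# control's fix text. Config text is passed in as a string (assumption).

REQUIRED_INSTALL_COMMAND = '/bin/false' # value taken from the control's fix text

# Returns active directives as [keyword, module, command] triples.
def active_directives(config_text)
  config_text.each_line.filter_map do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#') # comment lines are ignored
    keyword, name, *command = line.split(/\s+/)
    next unless %w[install blacklist].include?(keyword) && name
    [keyword, name.tr('-', '_'), command.join(' ')] # modprobe treats - and _ alike
  end
end

# Reports which of the two directives are in effect for the module.
def module_lockdown_state(config_text, mod = 'sctp')
  wanted = mod.tr('-', '_')
  mine = active_directives(config_text).select { |_, name, _| name == wanted }
  {
    blacklisted: mine.any? { |kw, _, _| kw == 'blacklist' },
    install_blocked: mine.any? { |kw, _, cmd| kw == 'install' && cmd == REQUIRED_INSTALL_COMMAND }
  }
end

# A finding exists unless both directives are active.
def finding?(config_text, mod = 'sctp')
  !module_lockdown_state(config_text, mod).values.all?
end

# Constructed sample inputs (not taken from any real host).
COMPLIANT = <<~CONF
  install sctp /bin/false
  blacklist sctp
CONF

COMMENTED_OUT = <<~CONF
  # install sctp /bin/false
  #blacklist sctp
CONF

BLACKLIST_ONLY = "blacklist sctp\n"

if __FILE__ == $PROGRAM_NAME
  { 'compliant' => COMPLIANT, 'commented out' => COMMENTED_OUT,
    'blacklist only' => BLACKLIST_ONLY }.each do |label, text|
    puts format('%-15s %s finding=%s', label, module_lockdown_state(text), finding?(text))
  end
end
```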