3.4.3 Ensure RDS is disabled - modprobe

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed to provide low-latency, high-bandwidth communications between cluster nodes. It was developed by the Oracle Corporation.

Rationale:

If the protocol is not being used, it is recommended that kernel module not be loaded, disabling the service to reduce the potential attack surface.

Solution

Run the following script to disable rds:

#!/usr/bin/env bash

{
l_mname='rds' # set module name
if ! modprobe -n -v '$l_mname' | grep -P -- '^h*install /bin/(true|false)'; then
echo -e ' - setting module: '$l_mname' to be not loadable'
echo -e 'install $l_mname /bin/false' >> /etc/modprobe.d/'$l_mname'.conf
fi
if lsmod | grep '$l_mname' > /dev/null 2>&1; then
echo -e ' - unloading module '$l_mname''
modprobe -r '$l_mname'
fi
if ! grep -Pq -- '^h*blacklisth+$l_mnameb' /etc/modprobe.d/*; then
echo -e ' - deny listing '$l_mname''
echo -e 'blacklist $l_mname' >> /etc/modprobe.d/'$l_mname'.conf
fi
}

See Also

https://workbench.cisecurity.org/files/4068