Detections
Analytics
PHTN-40-000047 - The Photon operating system must disable unnecessary kernel modules.
Information
It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.Operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).
Examples of nonessential capabilities include, but are not limited to, games, software packages, tools, and demonstration software, not related to requirements or providing a wide array of functionality not required for every mission, but which cannot be disabled.
Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000114-GPOS-00059
Solution
Navigate to and open:/etc/modprobe.d/modprobe.conf
Set the contents as follows:
install sctp /bin/false
install dccp /bin/false
install dccp_ipv4 /bin/false
install dccp_ipv6 /bin/false
install ipx /bin/false
install appletalk /bin/false
install decnet /bin/false
install rds /bin/false
install tipc /bin/false
install bluetooth /bin/false
install usb_storage /bin/false
install ieee1394 /bin/false
install cramfs /bin/false
install freevxfs /bin/false
install jffs2 /bin/false
install hfs /bin/false
install hfsplus /bin/false
install squashfs /bin/false
install udf /bin/false
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION
References: 800-53|CM-7a., 800-53|IA-3, CAT|II, CCI|CCI-000381, CCI|CCI-000778, Rule-ID|SV-258825r1003641_rule, STIG-ID|PHTN-40-000047, Vuln-ID|V-258825
Plugin: Unix
Control ID: cb4c0a1c1c97521f629539ed95efcc43a7b739324a0ea2fa72c9e022ed027fa7