Kernel modules

You can file an issue about it and ask that it be added.

Kernel modules

Prevent kernel modules being loaded

Rationale

Although security vulnerabilities in kernel networking code are not frequently discovered, the consequences can be dramatic.

Solution

Disable DCCP support

Disabling DCCP protects the system against exploitation of any flaws in its implementation.

# Add to /etc/modprobe.d/modules.conf:
install dccp /bin/true

^{C2S/CIS: CCE-26828-4 (Medium)}

Disable SCTP support

Disabling SCTP protects the system against exploitation of any flaws in its implementation.

# Add to /etc/modprobe.d/modules.conf:
install sctp /bin/true

^{C2S/CIS: CCE-27106-4 (Medium)}

Comments

Useful resources

The Practical Linux Hardening Guide provides a high-level overview of the hardening GNU/Linux systems. It is not an official standard or handbook but it touches and use industry standards.

Basic information

`Core Layer`

`Kernel Layer`

`Extended Layer`

Entropy
Compilers
Devices

`Logging & Auditing`

Syslog
OSSEC
Tiger
Aide
Logwatch

`System Services`

NTP
Cron
GnuPG 2

`Other Services`

Bind9
Unbound
Postfix
Nginx
Apache
PostgreSQL
MySQL
Redis
AMQP

`Containers`

LXC/LXD
Docker

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Kernel modules

Table of Contents

Kernel modules

Prevent kernel modules being loaded

Rationale

Solution

Disable DCCP support

Disable SCTP support

Comments

Useful resources

Basic information

`Core Layer`

`Kernel Layer`

`Extended Layer`

`Logging & Auditing`

`System Services`

`Other Services`

`Containers`

Clone this wiki locally