Details
To support the requirements and principles of least functionality, the operating system must provide only essential capabilities and limit the use of modules, protocols, and/or services to only those required for the proper functioning of the product.
Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000114-GPOS-00059
Solution
Open /etc/modprobe.d/modprobe.conf with a text editor and set the contents as follows:
install sctp /bin/false
install dccp /bin/false
install dccp_ipv4 /bin/false
install dccp_ipv6 /bin/false
install ipx /bin/false
install appletalk /bin/false
install decnet /bin/false
install rds /bin/false
install tipc /bin/false
install bluetooth /bin/false
install usb-storage /bin/false
install ieee1394 /bin/false
install cramfs /bin/false
install freevxfs /bin/false
install jffs2 /bin/false
install hfs /bin/false
install hfsplus /bin/false
install squashfs /bin/false
install udf /bin/false
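The following check is an added example, not part of the original control text. It reports which of the modules listed above lack an `install <module> /bin/false` line in a given file. The names `REQUIRED_MODULES` and `missing_modules` are hypothetical, and the sample file is constructed. The check inspects file contents only; it does not tell you whether a module is currently loaded.

```shell
#!/bin/sh
# Added example: audit a modprobe config file against the module list above.
# REQUIRED_MODULES and missing_modules are hypothetical names for illustration.
REQUIRED_MODULES="sctp dccp dccp_ipv4 dccp_ipv6 ipx appletalk decnet rds tipc bluetooth"
REQUIRED_MODULES="$REQUIRED_MODULES usb-storage ieee1394 cramfs freevxfs jffs2 hfs hfsplus squashfs udf"

# Print the required modules that have no "install <module> /bin/false" line
# in the file given as $1. Returns 0 when none are missing, 1 otherwise.
missing_modules() {
    awk -v required="$REQUIRED_MODULES" '
        # modprobe treats "-" and "_" in module names as equivalent,
        # so usb-storage and usb_storage must compare equal.
        function norm(s) { gsub(/-/, "_", s); return s }

        # Commented-out lines never match: their first field is not "install".
        $1 == "install" && NF == 3 && $3 == "/bin/false" { disabled[norm($2)] = 1 }

        END {
            n = split(required, mods, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(norm(mods[i]) in disabled))
                    out = out (out == "" ? "" : " ") mods[i]
            print out
            exit (out == "" ? 0 : 1)
        }' "$1"
}

# Constructed sample: usb_storage spelled with "_", udf commented out,
# every other required module absent.
sample=$(mktemp)
printf '%s\n' \
    'install sctp /bin/false' \
    'install usb_storage /bin/false' \
    '#install udf /bin/false' > "$sample"
echo "missing from sample: $(missing_modules "$sample")"
rm -f "$sample"
```

On a real system, call `missing_modules /etc/modprobe.d/modprobe.conf` and treat a non-zero return as a finding.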
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication. This control applies to the following type of system: Unix.
References
- 800-53|CM-7b.
- 800-53|IA-3
- CAT|II
- CCI|CCI-000382
- CCI|CCI-000778
- Rule-ID|SV-239105r675123_rule
- STIG-ID|PHTN-67-000033
- Vuln-ID|V-239105