metadata/service/system/cis/cis-3-5-1.yml - salt-formulas/linux - Gitiles

 # 3.5.2 Ensure DCCP is disabled
 #
 # Description
 # ===========
 # The Datagram Congestion Control Protocol (DCCP) is a transport layer protocol
 # that supports streaming media and telephony. DCCP provides a way to gain
 # access to congestion control, without having to do it at the application
 # layer, but does not provide in-sequence delivery.
 #
 # Rationale
 # =========
 # If the protocol is not required, it is recommended that the drivers not be
 # installed to reduce the potential attack surface.
 #
 # Audit
 # =====
 # Run the following commands and verify the output is as indicated:
 #
 #   # modprobe -n -v dccp
 #   install /bin/true
 #   # lsmod | grep dccp
 #   <No output>
 #
 # Remediation
 # ===========
 # Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:
 #
 #   install dccp /bin/true
 #
 parameters:
   linux:
     system:
       kernel:
         module:
           dccp:
             install:
               command: /bin/true
	# 3.5.2 Ensure DCCP is disabled
	#
	# Description
	# ===========
	# The Datagram Congestion Control Protocol (DCCP) is a transport layer protocol
	# that supports streaming media and telephony. DCCP provides a way to gain
	# access to congestion control, without having to do it at the application
	# layer, but does not provide in-sequence delivery.
	#
	# Rationale
	# =========
	# If the protocol is not required, it is recommended that the drivers not be
	# installed to reduce the potential attack surface.
	#
	# Audit
	# =====
	# Run the following commands and verify the output is as indicated:
	#
	# # modprobe -n -v dccp
	# install /bin/true
	# # lsmod \| grep dccp
	# <No output>
	#
	# Remediation
	# ===========
	# Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:
	#
	# install dccp /bin/true
	#
	parameters:
	linux:
	system:
	kernel:
	module:
	dccp:
	install:
	command: /bin/true