Prevent the Stream Control Transmission Protocol (SCTP) from loading on your system by default. Potential attackers could exploit this protocol to compromise your system.

About this task

Configure your system to prevent the Stream Control Transmission Protocol (SCTP) module from loading unless it is absolutely necessary. SCTP is an unused IETF-standardized transport layer protocol. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes could cause the kernel to dynamically load a protocol handler by opening a socket using the protocol.

Procedure

  1. Open the /etc/modprobe.conf.local file in a text editor.
  2. Ensure that the following line appears in this file.

    install sctp /bin/true

  3. Save the file and close it.