As part of your system hardening activities, prevent the Reliable Datagram Sockets Protocol (RDS) from loading on your virtual appliance host machines by default. Potential attackers can exploit this protocol to compromise your system.

About this task

Binding the Reliable Datagram Sockets (RDS) Protocol to the network stack increases the attack surface of the host. Unprivileged local processes can cause the system to dynamically load a protocol handler by using the protocol to open a socket.

Procedure

  1. Open the /etc/modprobe.conf.local file in a text editor.
  2. Ensure that the install rds /bin/true line appears in this file.
  3. Save the file and close it.