As part of your system hardening activities, prevent the Datagram Congestion Protocol (DCCP) from loading on your virtual appliance host machines by default. Potential attackers can exploit this protocol to compromise your system.

About this task

Avoid loading the Datagram Congestion Control Protocol (DCCP) module, unless it is absolutely necessary. DCCP is a proposed transport layer protocol, which is not used. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes can cause the kernel to dynamically load a protocol handler by using the protocol to open a socket.

Procedure

  1. Open the /etc/modprobe.conf.local file in a text editor.
  2. Ensure that the DCCP lines appear in the file.
    install dccp/bin/true
     install dccp_ipv4/bin/true
     install dccp_ipv6/bin/true
  3. Save the file and close it.