Prevent the Internetwork Packet Exchange (IPX) protocol from loading vRealize appliances by default. Potential attackers can exploit this protocol to compromise your system.

Avoid loading the IPX protocol module unless it is absolutely necessary. IPX protocol is an obsolete network-layer protocol. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes might cause the system to dynamically load a protocol handler by using the protocol to open a socket.

Procedure

  1. Open the /etc/modprobe.d/modprobe.conf file in a text editor.
  2. Ensure that the line install ipx /bin/false appears in this file.
  3. Save the file and close it.