Profile Applicability:
• Level 2
Description:
The Transparent Inter-Process Communication (TIPC) kernel module provides network communication between cluster nodes. If not required, disabling or removing the TIPC module reduces the system’s attack surface by limiting unnecessary kernel components.
Rationale:
Disabling unused kernel modules like TIPC hardens the system by minimizing exposed functionality and potential vulnerabilities.
Impact:
Pros:
Reduces attack surface by removing unused kernel protocol support.
Limits exposure to potential exploits targeting TIPC.
Cons:
May affect applications relying on TIPC (rare in most environments).
Default Value:
The TIPC kernel module is typically shipped with the kernel but is not loaded by default.
Pre-requisites:
Root or sudo privileges to manage kernel modules.
Remediation:
Test Plan:
Using Linux command line:
1. Check whether the TIPC module is loaded:
lsmod | grep tipc
2. Confirm that the command produces no output, i.e. the TIPC module is not loaded.
Implementation Plan:
Using Linux command line:
1. Remove the TIPC module from the running kernel:
modprobe -r tipc
2. Prevent the TIPC module from loading at boot by blacklisting it:
echo "blacklist tipc" >> /etc/modprobe.d/blacklist.conf
3. Update the initial ramdisk (if necessary):
dracut -f
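The following POSIX shell helper is an added example and is not part of the benchmark text or of CIS's own tooling. It implements the Test Plan and the configuration half of the Implementation Plan as reusable functions: it reads /proc/modules (same first column as lsmod) to decide whether the module is loaded, and scans /etc/modprobe.d/*.conf for the blacklist entry. It also checks for an "install tipc /bin/false" line: a blacklist line only stops automatic alias loading, whereas the install override makes an explicit "modprobe tipc" a no-op, which is the form the CIS benchmarks use. The script name tipc-module.sh and the environment overrides MODPROBE_D and PROC_MODULES are assumptions of this example so the functions can be exercised as non-root; unloading (modprobe -r) and rebuilding the initramfs (dracut -f) remain the separate root-only steps listed above.

```shell
#!/bin/sh
# Added example (not from the CIS benchmark): audit and configure the TIPC
# kernel module as described in the Test Plan and Implementation Plan.
# Assumed paths, overridable for testing as non-root:
MODPROBE_D="${MODPROBE_D:-/etc/modprobe.d}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# Return 0 if the module is loaded in the running kernel (same as lsmod | grep).
module_loaded() {
    grep -qs "^$1 " "$PROC_MODULES"
}

# Return 0 if some modprobe.d file carries a 'blacklist <mod>' line.
module_blacklisted() {
    grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$1([[:space:]]|$)" "$MODPROBE_D"/*.conf
}

# Return 0 if an 'install <mod> /bin/false' (or /bin/true) line exists.
# Blacklisting alone does not stop an explicit 'modprobe <mod>'; this does.
module_install_disabled() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(false|true)([[:space:]]|$)" "$MODPROBE_D"/*.conf
}

# Audit: PASS (return 0) only when the module is neither loaded nor loadable.
audit_module() {
    mod="$1"; rc=0
    if module_loaded "$mod"; then
        echo "$mod: loaded in running kernel"; rc=1
    fi
    if ! module_blacklisted "$mod"; then
        echo "$mod: no blacklist entry under $MODPROBE_D"; rc=1
    fi
    if ! module_install_disabled "$mod"; then
        echo "$mod: no install override (explicit modprobe still works)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "$mod: PASS" || echo "$mod: FAIL"
    return "$rc"
}

# Remediation (configuration part): write an idempotent drop-in file instead of
# appending to blacklist.conf on every run. Unloading the module and running
# dracut -f are left to the operator because they need root.
disable_module() {
    mod="$1"; conf="$MODPROBE_D/$mod.conf"
    mkdir -p "$MODPROBE_D"
    module_blacklisted "$mod"      || echo "blacklist $mod" >> "$conf"
    module_install_disabled "$mod" || echo "install $mod /bin/false" >> "$conf"
}

# Usage: sh tipc-module.sh audit        (any user)
#        sh tipc-module.sh disable      (as root)
if [ "$#" -gt 0 ]; then
    case "$1" in
        audit)   audit_module tipc ;;
        disable) disable_module tipc && audit_module tipc ;;
        *)       echo "usage: $0 audit|disable" >&2; exit 2 ;;
    esac
fi
```

The audit exits non-zero whenever any of the three conditions fails, so it can be dropped into a compliance job as-is; the separate messages tell the operator which of the three states (loaded, not blacklisted, still explicitly loadable) needs attention.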
Backout Plan:
Using Linux command line:
1. Remove blacklist entry to allow module loading:
sed -i '/blacklist tipc/d' /etc/modprobe.d/blacklist.conf
2. Load TIPC module if required:
modprobe tipc
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Linux Kernel Module Documentation