Profile Applicability:
 • Level 2

Description:
 The Stream Control Transmission Protocol (SCTP) kernel module supports a transport layer protocol used in telecommunications and other systems. If not required, disabling or removing the SCTP module reduces the system’s attack surface by limiting unnecessary kernel components.

Rationale:
 Disabling unused kernel modules like SCTP hardens the system by minimizing exposed functionality and potential vulnerabilities.

Impact:
 Pros:

  • Reduces attack surface by removing unused kernel protocol support.

  • Limits exposure to potential exploits targeting SCTP.

 Cons:

  • May affect applications relying on SCTP (uncommon in typical environments).

Default Value:
 The SCTP kernel module may be present on the system but is often not loaded by default.

Pre-requisites:

  • Root or sudo privileges to manage kernel modules.

Remediation:

Test Plan:

Using Linux command line:

1. Check whether the SCTP module is loaded:

lsmod | grep sctp

2. Confirm that the command returns no sctp entry, indicating the SCTP module is not loaded.

Implementation Plan:

Using Linux command line:

1. Unload the SCTP module from the running kernel:

modprobe -r sctp

2. Prevent SCTP module from loading on boot by blacklisting it:

echo "blacklist sctp" >> /etc/modprobe.d/blacklist.conf

3. Rebuild the initial ramdisk if necessary, so the blacklist entry also applies during early boot:

dracut -f
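The following audit helper is an added example, not part of the benchmark text, that checks both results the Test Plan and Implementation Plan above leave to manual inspection: whether sctp is currently loaded (the same /proc/modules data lsmod reads) and whether /etc/modprobe.d keeps it from loading. It also distinguishes a plain blacklist entry from an "install sctp /bin/false" line, since blacklist only stops alias-based autoloading while an explicit modprobe request or a dependency pull-in still loads the module. Paths are parameters so the functions can be run against sample files; the function names are this example's own.

```shell
#!/bin/sh
# Added audit helper (not part of the benchmark page). Reports whether the SCTP
# module is loaded and whether modprobe configuration keeps it from loading.

# module_loaded NAME MODULES_FILE
# Succeeds if NAME is listed in a /proc/modules-style file (what lsmod reads).
module_loaded() {
  [ -r "$2" ] || return 1
  awk -v m="$1" '$1 == m { found = 1 } END { exit (found ? 0 : 1) }' "$2"
}

# module_blacklisted NAME CONF_DIR
# Succeeds if a "blacklist NAME" line exists in any CONF_DIR/*.conf.
# Note: blacklist only prevents alias-based autoloading; "modprobe NAME" or a
# dependency of another module still loads it.
module_blacklisted() {
  cat "$2"/*.conf 2>/dev/null |
    awk -v m="$1" '$1 == "blacklist" && $2 == m { found = 1 }
                   END { exit (found ? 0 : 1) }'
}

# module_install_disabled NAME CONF_DIR
# Succeeds if an "install NAME /bin/false" (or /bin/true) line is present,
# which also defeats explicit modprobe requests; this is the stricter setting.
module_install_disabled() {
  cat "$2"/*.conf 2>/dev/null |
    awk -v m="$1" '$1 == "install" && $2 == m &&
                   ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
                   END { exit (found ? 0 : 1) }'
}

# audit_module NAME MODULES_FILE CONF_DIR
# Prints one of: LOADED, BLOCKED, BLACKLIST_ONLY, UNRESTRICTED
audit_module() {
  if module_loaded "$1" "$2"; then
    echo LOADED
  elif module_install_disabled "$1" "$3"; then
    echo BLOCKED
  elif module_blacklisted "$1" "$3"; then
    echo BLACKLIST_ONLY
  else
    echo UNRESTRICTED
  fi
}

# On a real host: sh sctp_audit.sh run
if [ "${1:-}" = "run" ]; then
  audit_module sctp /proc/modules /etc/modprobe.d
fi
```

Only LOADED fails the Test Plan outright; BLACKLIST_ONLY passes it but still allows an explicit modprobe, which is why the stricter install line is reported separately.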

Backout Plan:

Using Linux command line:

1. Remove blacklist entry to allow module loading:

sed -i '/blacklist sctp/d' /etc/modprobe.d/blacklist.conf

2. Load SCTP module if needed:

modprobe sctp

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • Linux Kernel Module Documentation