AlmaLinux OS 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.

STIG ID: ALMA-09-030050  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-269345

Vulnerability Discussion

The SCTP is a transport layer protocol, designed to support the idea of message-oriented communication, with several streams of messages within one connection.

Disabling SCTP protects the system against exploitation of any flaws in its implementation.

Check

Verify that AlmaLinux OS 9 disables the ability to load the SCTP kernel module with the following command:

$ grep -r sctp /etc/modprobe.conf /etc/modprobe.d/*

/etc/modprobe.d/sctp.conf:install sctp /bin/false
/etc/modprobe.d/sctp.conf:blacklist sctp

If the command does not return any output, or the line is commented out, and use of SCTP is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.

Fix

To configure the system to prevent the SCTP kernel module from being loaded, run the following command:

$ cat << EOF | tee /etc/modprobe.d/sctp.conf
install sctp /bin/false
blacklist sctp
EOF
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.