← Back to VMware vRealize Automation 7.x SLES Security Technical Implementation Guide

V-240450

CAT II (Medium)

The AppleTalk protocol must be disabled or not installed.

Rule ID

SV-240450r671091_rule

STIG

VMware vRealize Automation 7.x SLES Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000382

Discussion

The AppleTalk suite of protocols is no longer in common use. Binding this protocol to the network stack increases the attack surface of the host. Unprivileged local processes may be able to cause the system to dynamically load a protocol handler by opening a socket using the protocol.

Check Content

Verify the AppleTalk protocol handler is prevented from dynamic loading:

# grep "install appletalk /bin/true" /etc/modprobe.conf /etc/modprobe.conf.local /etc/modprobe.d/* 

If no result is returned, this is a finding.

Fix Text

Prevent the AppleTalk protocol handler for dynamic loading:

# echo "install appletalk /bin/true" >> /etc/modprobe.conf.local