STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Red Hat Enterprise Linux 10 Security Technical Implementation Guide

V-281312

CAT II (Medium)

RHEL 10 must be configured to disable the Controller Area Network (CAN) kernel module.

Rule ID

SV-281312r1167086_rule

STIG

Red Hat Enterprise Linux 10 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000381

Discussion

Disabling CAN protects the system against exploitation of any flaws in its implementation.

Check Content

Verify RHEL 10 disables the ability to load the CAN kernel module with the following command:

$ sudo grep -rs can /etc/modprobe.conf /etc/modprobe.d/* | grep -v '#'
/etc/modprobe.d/can.conf:install can /bin/false
/etc/modprobe.d/can.conf:blacklist can

If the command does not return any output, or the lines are commented out, and use of CAN is not documented with the information system security officer as an operational requirement, this is a finding.

Fix Text

Configure RHEL 10 to disable the ability to load the CAN kernel module.

Create a drop-in if it does not already exist:

$ sudo vi /etc/modprobe.d/can.conf

Add the following lines to the file:

install can /bin/false
blacklist can