3.5.1 Ensure DCCP is disabled (Not Scored)

Level 1 - Server
Level 1 - Workstation 

The Datagram Congestion Control Protocol (DCCP) is a transport layer protocol that supports streaming media and telephony. DCCP provides a way to gain access to congestion control, without having to do it at the application layer, but does not provide in-sequence delivery.

If the protocol is not required, it is recommended that the drivers not be installed to reduce the potential attack surface.

Run the following commands and verify the output is as indicated:

# modprobe -n -v dccp 
install /bin/true 
# lsmod | grep dccp 
<No output>

Edit or create the file /etc/modprobe.d/CIS.conf and add the following line:

install dccp /bin/true
  • centos7/3/5/1.txt
  • Last modified: 2017/05/04 17:32
  • by 127.0.0.1