1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
|
documentation_complete: true
title: 'Disable loading and unloading of kernel modules'
description: '{{{ describe_sysctl_option_value(sysctl="kernel.modules_disabled", value="1") }}}'
rationale: |-
Malicious kernel modules can have a significant impact on system security and
availability. Disabling loading of kernel modules prevents this threat. Note
that once this option has been set, it cannot be reverted without doing a
system reboot. Make sure that all needed kernel modules are loaded before
setting this option.
severity: medium
identifiers:
cce@rhel8: CCE-83397-0
cce@rhel9: CCE-83967-0
cce@rhel10: CCE-87060-0
cce@sle12: CCE-91566-0
cce@sle15: CCE-91256-8
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.modules_disabled", value="1") }}}
platform: system_with_kernel
warnings:
- general:
This rule doesn't come with remediation.
Remediating this rule during the installation process disrupts the install and boot process.
template:
name: sysctl
vars:
sysctlvar: kernel.modules_disabled
sysctlval: '1'
datatype: int
no_remediation: true
backends:
# Automated remediation of this rule during installations disrupts the first boot
bash: 'off'
ansible: 'off'
|