Secure the Transparent
Inter-Process Communication Protocol
As part of your
system hardening activities, prevent the Transparent Inter-Process
Communication protocol (TIPC) from loading on your virtual appliance host
machines by default. Potential attackers can exploit this protocol to
compromise your system.
Binding the TIPC protocol to
the network stack increases the attack surface of the host. Unprivileged local
processes can cause the kernel to dynamically load a protocol handler by using
the protocol to open a socket.
- Open the/etc/modprobe.d/modprobe.conffile in a text editor.
- Ensure that theinstall tipc /bin/falseline appears in this file.
- Save the file and close it.