CCE-90705-5Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Disable Network Router Discovery Daemon (rdisc)
The 'rdisc' service implements the client side of the ICMP
Internet Router Discovery Protocol (IRDP), which allows discovery of routers on
the local subnet. If a router is discovered then the local routing table is
updated with a corresponding default route. By default this daemon is disabled.
The 'rdisc' service can be disabled with the following command:
'$ sudo systemctl disable rdisc'
Parameter:
Technical Mechanism:
General-purpose systems typically have their network and routing
information configured statically by a system administrator. Workstations or
some special-purpose systems often use DHCP (instead of IRDP) to retrieve
dynamic network configuration information.
Fix:
#
# Disable rdisc.service for all systemd targets
#
systemctl disable rdisc.service
#
# Stop rdisc.service if currently running
#
systemctl stop rdisc.service
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31119 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30396 |