AlmaLinux OS 9 must disable the Controller Area Network (CAN) kernel module.
An XCCDF Rule
Description
The CAN protocol is a robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer. Disabling CAN protects the system against exploitation of any flaws in its implementation.
- ID
- SV-269343r1050225_rule
- Version
- ALMA-09-029830
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
To configure the system to prevent the can kernel module from being loaded, run the following command:
$ cat << EOF | tee /etc/modprobe.d/can.conf
install can /bin/false
blacklist can
EOF