{"description": "The Asynchronous Transfer Mode (ATM) is a protocol operating on\nnetwork, data link, and physical layers, based on virtual circuits\nand virtual paths.\n\nTo configure the system to prevent the <code>atm</code>\nkernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/atm.conf</code>:\n<pre>install atm /bin/false</pre>\nThis entry will cause a non-zero return value during a <code>atm</code> module installation\nand additionally convey the meaning of the entry to the user in form of an error message.\nIf you would like to omit a non-zero return value and an error message, you may want to add a different line instead\n(both <code>/bin/true</code> and <code>/bin/false</code> are allowed by OVAL and will be accepted by the scan):\n<pre>install atm /bin/true</pre>", "rationale": "Disabling ATM protects the system against exploitation of any\nflaws in its implementation.", "severity": "medium", "references": {"nist": ["AC-18"], "srg": ["SRG-OS-000095-GPOS-00049", "SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "no line is returned", "ocil": "\nIf the system is configured to prevent the loading of the <code>atm</code> kernel module,\nit will contain lines inside any file in <code>/etc/modprobe.d</code> or the deprecated<code> /etc/modprobe.conf</code>.\nThese lines instruct the module loading system to run another program (such as <code>/bin/false</code>) upon a module <code>install</code> event.\n\nRun the following command to search for such lines in all files in <code>/etc/modprobe.d</code> and the deprecated <code>/etc/modprobe.conf</code>:\n<pre>$ grep -r atm /etc/modprobe.conf /etc/modprobe.d</pre>", "oval_external_content": null, "fixtext": " Configure Ubuntu 22.04 to disable the ability to use the atm kernel module.\nAdd or update the following lines in the file \"/etc/modprobe.d/blacklist.conf\":\ninstall atm /bin/true blacklist atm\nReboot the system for the settings to take effect.", "checktext": "", "vuldiscussion": "", "srg_requirement": " The kernel module atm must be disabled in Ubuntu 22.04.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must be configured to disable the Asynchronous Transfer Mode kernel module.", "vuldiscussion": "Disabling Asynchronous Transfer Mode (ATM) protects the system against exploitation of any flaws in its implementation.", "checktext": "Verify that Ubuntu 22.04 disables the ability to load the ATM kernel module with the following command:\n\n$ grep -r atm /etc/modprobe.conf /etc/modprobe.d/*\n\ninstall atm /bin/false\nblacklist atm\n\nIf the command does not return any output, or the line is commented out, and use of ATM is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.", "fixtext": "To configure the system to prevent the atm kernel module from being loaded, add the following line to the file  /etc/modprobe.d/atm.conf (or create atm.conf if it does not exist):\n\ninstall atm /bin/false\nblacklist atm"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Disable ATM Support", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml", "template": {"name": "kernel_module_disabled", "vars": {"kernmodule": "atm"}, "backends": {}}}