- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
The rdisc
service implements the client side of the ICMP
Internet Router Discovery Protocol (IRDP), which allows discovery of routers on
the local subnet. If a router is discovered then the local routing table is
updated with a corresponding default route. By default this daemon is disabled.
The rdisc
service can be disabled with the following command:
$ sudo systemctl disable rdisc.service
General-purpose systems typically have their network and routing information configured statically by a system administrator. Workstations or some special-purpose systems often use DHCP (instead of IRDP) to retrieve dynamic network configuration information.
The following script can be run on the host to remediate the issue.
#!/bin/bash
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'rdisc.service'
"$SYSTEMCTL_EXEC" disable 'rdisc.service'
# Disable socket activation if we have a unit file for it
"$SYSTEMCTL_EXEC" list-unit-files | grep -q '^rdisc.socket\>' && "$SYSTEMCTL_EXEC" disable 'rdisc.socket'
# The service may not be running because it has been started and failed,
# so let's reset the state so OVAL checks pass.
# Service should be 'inactive', not 'failed' after reboot though.
"$SYSTEMCTL_EXEC" reset-failed 'rdisc.service'
The following playbook can be run with Ansible to remediate the issue.
- name: Disable service rdisc
service:
name: "{{item}}"
enabled: "no"
state: "stopped"
register: service_result
failed_when: "service_result is failed and ('Could not find the requested service' not in service_result.msg)"
with_items:
- rdisc
tags:
- service_rdisc_disabled
- unknown_severity
- disable_strategy
- low_complexity
- low_disruption
- NIST-800-53-AC-17(8)
- NIST-800-53-AC-4
- NIST-800-53-CM-7
- name: Disable socket of service rdisc if applicable
service:
name: "{{item}}"
enabled: "no"
state: "stopped"
register: socket_result
failed_when: "socket_result is failed and ('Could not find the requested service' not in socket_result.msg)"
with_items:
- rdisc.socket
tags:
- service_rdisc_disabled
- unknown_severity
- disable_strategy
- low_complexity
- low_disruption
- NIST-800-53-AC-17(8)
- NIST-800-53-AC-4
- NIST-800-53-CM-7