STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.

DISA Rule

SV-100367r1_rule

Vulnerability Number

V-89717

Group Title

SRG-OS-000142-GPOS-00071

Rule Version

VRAU-SL-000790

Severity

CAT II

CCI(s)

• CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Weight

10

Fix Recommendation

Configure the TCP backlog queue size with the following command:

# sed -i 's/^.*\bnet.ipv4.tcp_max_syn_backlog\b.*$/net.ipv4.tcp_max_syn_backlog=1280/' /etc/sysctl.conf

Reload sysctl to verify the new change:

# sysctl -p

Check Contents

Check that the SLES for vRealize has an appropriate TCP backlog queue size to mitigate against TCP SYN flood DOS attacks with the following command:

# cat /proc/sys/net/ipv4/tcp_max_syn_backlog

If the TCP backlog queue size is not set to at least the recommended default setting of "1280", this is a finding.

Vulnerability Number

V-89717

Documentable

False

Rule Version

VRAU-SL-000790

Severity Override Guidance

Check that the SLES for vRealize has an appropriate TCP backlog queue size to mitigate against TCP SYN flood DOS attacks with the following command:

# cat /proc/sys/net/ipv4/tcp_max_syn_backlog

If the TCP backlog queue size is not set to at least the recommended default setting of "1280", this is a finding.

Check Content Reference

M

Target Key

3459

Comments