STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.

DISA Rule

SV-217292r603262_rule

Vulnerability Number

V-217292

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-030400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system ignores IPv4 ICMP redirect messages by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):

net.ipv4.conf.default.accept_redirects = 0

Run the following command to apply this value:

# sysctl --system

Check Contents

Verify the SUSE operating system ignores IPv4 ICMP redirect messages.

Check the value of the "accept_redirects" variables with the following command:

# sysctl net.ipv4.conf.default.accept_redirects
net.ipv4.conf.default.accept_redirects = 0

If the returned line does not have a value of "0" this is a finding.

Vulnerability Number

V-217292

Documentable

False

Rule Version

SLES-12-030400

Severity Override Guidance

Verify the SUSE operating system ignores IPv4 ICMP redirect messages.

Check the value of the "accept_redirects" variables with the following command:

# sysctl net.ipv4.conf.default.accept_redirects
net.ipv4.conf.default.accept_redirects = 0

If the returned line does not have a value of "0" this is a finding.

Check Content Reference

M

Target Key

4033

Comments