STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230537r627750_rule
V-230537
SRG-OS-000480-GPOS-00227
RHEL-08-040230
CAT II
10
Configure RHEL 8 to not respond to IPv4 ICMP echoes sent to a broadcast address with the following command:
$ sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
If "1" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
net.ipv4.icmp_echo_ignore_broadcasts=1
Verify RHEL 8 does not respond to ICMP echoes sent to a broadcast address.
Note: If either IPv4 or IPv6 is disabled on the system, this requirement only applies to the active internet protocol version.
Check the value of the "icmp_echo_ignore_broadcasts" variable with the following command:
$ sudo sysctl net.ipv4.icmp_echo_ignore_broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
If the returned line does not have a value of "1", a line is not returned, or the retuned line is commented out, this is a finding.
V-230537
False
RHEL-08-040230
Verify RHEL 8 does not respond to ICMP echoes sent to a broadcast address.
Note: If either IPv4 or IPv6 is disabled on the system, this requirement only applies to the active internet protocol version.
Check the value of the "icmp_echo_ignore_broadcasts" variable with the following command:
$ sudo sysctl net.ipv4.icmp_echo_ignore_broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
If the returned line does not have a value of "1", a line is not returned, or the retuned line is commented out, this is a finding.
M
2921