STIGQter STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: IP forwarding for IPv4 must not be enabled, unless the system is a router.

DISA Rule

SV-64113r1_rule

Vulnerability Number

V-12023

Group Title

GEN005600

Rule Version

GEN005600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit "/etc/sysctl.conf" and set net.ipv4.ip_forward to "0".

Restart the system or run "sysctl -p" to make the change take effect.

Check Contents

Check if the system is configured for IPv4 forwarding. If the system is a VM host and acts as a router solely for the benefits of its client systems, then this rule is not applicable.

Procedure:
# cat /proc/sys/net/ipv4/ip_forward

If the value is set to "1", IPv4 forwarding is enabled this is a finding.

Vulnerability Number

V-12023

Documentable

False

Rule Version

GEN005600

Severity Override Guidance

Check if the system is configured for IPv4 forwarding. If the system is a VM host and acts as a router solely for the benefits of its client systems, then this rule is not applicable.

Procedure:
# cat /proc/sys/net/ipv4/ip_forward

If the value is set to "1", IPv4 forwarding is enabled this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments