STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: Proxy Address Resolution Protocol (Proxy ARP) must not be enabled on the system.

DISA Rule

SV-64201r1_rule

Vulnerability Number

V-22415

Group Title

GEN003608

Rule Version

GEN003608

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the system to not use proxy ARP.
Edit /etc/sysctl.conf and add a setting for "net.ipv4.conf.all.proxy_arp=0" and "net.ipv4.conf.default.proxy_arp=0".
# sysctl -p

Check Contents

Verify the system does not use proxy ARP.

# grep [01] /proc/sys/net/ipv4/conf/*/proxy_arp|egrep "default|all"

If all of the resulting lines do not end with "0", this is a finding.
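The check above reads only the running kernel values, while the fix depends on /etc/sysctl.conf to keep them at 0 across reboots. The script below is an added example, not part of the STIG text: it reports both for the "all" and "default" scopes. The function names, the PROC_ROOT and SYSCTL_CONF override variables, and the NOT_PERSISTED status are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit GEN003608 against runtime state and persistent config.
# PROC_ROOT and SYSCTL_CONF are hypothetical override variables so the check
# can run against constructed fixtures; defaults are the paths in the rule.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4/conf}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# Runtime value for one scope ("all" or "default"); "missing" if unreadable.
runtime_value() {
    f="$PROC_ROOT/$1/proxy_arp"
    [ -r "$f" ] && tr -d '[:space:]' < "$f" || echo missing
}

# Effective persistent value: the last uncommented assignment wins, because
# sysctl -p applies lines in order. Accepts "key=0" and "key = 0".
# Prints "unset" if the key is absent or the file is unreadable.
persistent_value() {
    key="net.ipv4.conf.$1.proxy_arp"
    [ -r "$SYSCTL_CONF" ] || { echo unset; return; }
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$SYSCTL_CONF"
}

# One report line per scope. Returns 1 if any runtime value is not "0"
# (a finding under the rule's check; an unreadable value is reported the same
# way so it gets reviewed), 2 if runtime is clean but sysctl.conf does not
# pin the value to 0, and 0 otherwise.
check_proxy_arp() {
    rc=0
    for scope in all default; do
        r=$(runtime_value "$scope"); p=$(persistent_value "$scope")
        if [ "$r" != 0 ]; then status=FINDING; rc=1
        elif [ "$p" != 0 ]; then status=NOT_PERSISTED; [ "$rc" -eq 1 ] || rc=2
        else status=ok; fi
        echo "$scope runtime=$r persistent=$p $status"
    done
    return "$rc"
}
```

Source the file and call check_proxy_arp on the host; exit status 2 means the running values pass the check but the sysctl.conf lines from the fix are absent or set to something other than 0.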

Documentable

False

Severity Override Guidance

Verify the system does not use proxy ARP.

# grep [01] /proc/sys/net/ipv4/conf/*/proxy_arp|egrep "default|all"

If all of the resulting lines do not end with "0", this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments