STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: The system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.

DISA Rule

SV-64205r1_rule

Vulnerability Number

V-22417

Group Title

GEN003610

Rule Version

GEN003610

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the system to not send IPv4 ICMP redirect messages.
Edit /etc/sysctl.conf and add the settings "net.ipv4.conf.all.send_redirects=0" and "net.ipv4.conf.default.send_redirects=0", then reload the configuration:
# sysctl -p

Check Contents

Verify the system does not send IPv4 ICMP redirect messages.

# grep '[01]' /proc/sys/net/ipv4/conf/*/send_redirects | egrep "default|all"

If any of the resulting lines does not end with "0", this is a finding.
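
An added example, not part of the STIG text: the check above reads only the runtime values, so this script also confirms that the settings from the fix are present in /etc/sysctl.conf and will survive a reboot. The function names and the PROC_ROOT and SYSCTL_CONF override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit send_redirects at runtime and in the persistent config.
# PROC_ROOT and SYSCTL_CONF are hypothetical overrides so the functions can
# be pointed at a constructed tree instead of the live system.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4/conf}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# Runtime check: "all" and "default" must both read 0.
check_runtime() {
    rc=0
    for iface in all default; do
        f="$PROC_ROOT/$iface/send_redirects"
        if [ ! -r "$f" ]; then
            echo "finding: $f is not readable"; rc=1; continue
        fi
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "finding: runtime $iface send_redirects=$val"; rc=1
        fi
    done
    return $rc
}

# Persistent check: commented-out lines are ignored, and the last
# assignment wins because sysctl -p applies the file top to bottom.
check_persistent() {
    rc=0
    for iface in all default; do
        key="net.ipv4.conf.$iface.send_redirects"
        val=$(sed -n "s/^[[:space:]]*net\.ipv4\.conf\.$iface\.send_redirects[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" \
              "$SYSCTL_CONF" 2>/dev/null | tail -n 1)
        if [ -z "$val" ]; then
            echo "finding: $key is not set in $SYSCTL_CONF"; rc=1
        elif [ "$val" != "0" ]; then
            echo "finding: $key=$val in $SYSCTL_CONF"; rc=1
        fi
    done
    return $rc
}

# Combined audit: returns non-zero if either check reports a finding.
audit_send_redirects() {
    status=0
    check_runtime || status=1
    check_persistent || status=1
    return $status
}
```

Source the file and call `audit_send_redirects`; a non-zero exit status means at least one finding was printed.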

Vulnerability Number

V-22417

Documentable

False

Rule Version

GEN003610

Severity Override Guidance

Verify the system does not send IPv4 ICMP redirect messages.

# grep '[01]' /proc/sys/net/ipv4/conf/*/send_redirects | egrep "default|all"

If any of the resulting lines does not end with "0", this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments