STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: The system must be configured to use TCP syncookies when experiencing a TCP SYN flood.

DISA Rule

SV-64209r1_rule

Vulnerability Number

V-22419

Group Title

GEN003612

Rule Version

GEN003612

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure the system to use TCP syncookies when experiencing a TCP SYN flood.
Edit /etc/sysctl.conf and add a setting for "net.ipv4.tcp_syncookies=1".
# sysctl -p

Check Contents

Verify the system configured to use TCP syncookies when experiencing a TCP SYN flood.
# cat /proc/sys/net/ipv4/tcp_syncookies
If the result is not "1", this is a finding.

Vulnerability Number

V-22419

Documentable

False

Rule Version

GEN003612

Severity Override Guidance

Verify the system configured to use TCP syncookies when experiencing a TCP SYN flood.
# cat /proc/sys/net/ipv4/tcp_syncookies
If the result is not "1", this is a finding.

STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: The system must be configured to use TCP syncookies when experiencing a TCP SYN flood.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments