STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.

DISA Rule

SV-99247r1_rule

Vulnerability Number

V-88597

Group Title

SRG-OS-000142-GPOS-00071

Rule Version

VROM-SL-000765

Severity

CAT II

CCI(s)

• CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Weight

10

Fix Recommendation

Configure the TCP backlog queue size with the following command:

# sed -i 's/^.*\bnet.ipv4.tcp_max_syn_backlog\b.*$/net.ipv4.tcp_max_syn_backlog=1280/' /etc/sysctl.conf

Reload sysctl to verify the new change:

# sysctl -p

Check Contents

Check that SLES for vRealize has an appropriate TCP backlog queue size to mitigate against TCP SYN flood DOS attacks with the following command:

# cat /proc/sys/net/ipv4/tcp_max_syn_backlog

The recommended default setting is "1280".

If the TCP backlog queue size is not set to "1280", this is a finding.

Vulnerability Number

V-88597

Documentable

False

Rule Version

VROM-SL-000765

Severity Override Guidance

Check that SLES for vRealize has an appropriate TCP backlog queue size to mitigate against TCP SYN flood DOS attacks with the following command:

# cat /proc/sys/net/ipv4/tcp_max_syn_backlog

The recommended default setting is "1280".

If the TCP backlog queue size is not set to "1280", this is a finding.

Check Content Reference

M

Target Key

3461

Comments