Saltstack Official Linux Formula

cis-3-1-2.yml 1.2KB

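  # 3.1.2 Ensure packet redirect sending is disabled
  #
  # Description
  # ===========
  # ICMP Redirects are used to send routing information to other hosts. As a host
  # itself does not act as a router (in a host only configuration), there is
  # no need to send redirects.
  #
  # Rationale
  # =========
  # An attacker could use a compromised host to send invalid ICMP redirects to
  # other router devices in an attempt to corrupt routing and have users access
  # a system set up by the attacker as opposed to a valid system.
  #
  # Audit
  # =====
  #
  # Run the following commands and verify output matches:
  #
  # # sysctl net.ipv4.conf.all.send_redirects
  # net.ipv4.conf.all.send_redirects = 0
  # # sysctl net.ipv4.conf.default.send_redirects
  # net.ipv4.conf.default.send_redirects = 0
  #
  # NOTE(review): the kernel treats send_redirects as enabled on an interface
  # when either conf/all or that interface's own value is set, and conf/default
  # only seeds interfaces created after it is written. On a host where the
  # values were changed at runtime, also check each existing interface:
  #
  # # sysctl net.ipv4.conf.<interface>.send_redirects
  #
  # Remediation
  # ===========
  #
  # Set the following parameters in the /etc/sysctl.conf file:
  #
  # net.ipv4.conf.all.send_redirects = 0
  # net.ipv4.conf.default.send_redirects = 0
  #
  # Run the following commands to set the active kernel parameters:
  #
  # # sysctl -w net.ipv4.conf.all.send_redirects=0
  # # sysctl -w net.ipv4.conf.default.send_redirects=0
  #
  # Scope: these two keys cover IPv4 only, and the control is meant for hosts
  # that do not route traffic (see Description). Do not include this class on
  # a system that is deliberately configured as a router without reviewing it.
  parameters:
    linux:
      system:
        kernel:
          # Kernel parameters handed to the linux formula under
          # linux:system:kernel:sysctl.
          # NOTE(review): presumably the formula both persists these values and
          # applies them to the running kernel; confirm against the formula's
          # sysctl state before relying on this file alone for compliance.
          sysctl:
            net.ipv4.conf.all.send_redirects: 0
            net.ipv4.conf.default.send_redirects: 0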