Saltstack Official Linux Formula

cis-3-2-4.yml 1.1KB

# 3.2.4 Ensure suspicious packets are logged
#
# Description
# ===========
# When enabled, this feature logs packets with un-routable source
# addresses to the kernel log.
#
# Rationale
# =========
# Enabling this feature and logging these packets allows an administrator
# to investigate the possibility that an attacker is sending spoofed
# packets to their system.
#
# Audit
# =====
#
# Run the following commands and verify output matches:
#
# # sysctl net.ipv4.conf.all.log_martians
# net.ipv4.conf.all.log_martians = 1
# # sysctl net.ipv4.conf.default.log_martians
# net.ipv4.conf.default.log_martians = 1
#
# Remediation
# ===========
#
# Set the following parameters in the /etc/sysctl.conf file:
#
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.default.log_martians = 1
#
# Run the following commands to set the active kernel parameters:
#
# # sysctl -w net.ipv4.conf.all.log_martians=1
# # sysctl -w net.ipv4.conf.default.log_martians=1
# # sysctl -w net.ipv4.route.flush=1
parameters:
  linux:
    system:
      kernel:
        sysctl:
          net.ipv4.conf.all.log_martians: 1
          net.ipv4.conf.default.log_martians: 1
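The audit above only reads the running kernel values, while the remediation also requires the settings to be persisted. The following check covers both halves. It is an added example, not part of the formula: the function names are hypothetical, and the list of configuration files to read (and their order) is an assumption supplied by the caller.

```shell
#!/bin/sh
# Added example: audit CIS 3.2.4 against running and persisted settings.
KEYS="net.ipv4.conf.all.log_martians net.ipv4.conf.default.log_martians"

# Print the running value of key $2 under proc root $1 (normally /proc/sys).
running_value() {
    path="$1/$(printf '%s' "$2" | tr . /)"
    if [ -r "$path" ]; then tr -d ' \t\n' < "$path"; fi
}

# Print the last value assigned to key $1 in the sysctl-style files $2...
# Files are read in the order given; a later assignment overrides an earlier one.
persisted_value() {
    key=$1; shift
    [ $# -gt 0 ] || return 0
    awk -F= -v key="$key" '
        /^[ \t]*[#;]/ { next }            # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) last = v
        }
        END { print last }' "$@"
}

# Return 0 only if both keys are 1 at runtime and in the persisted config.
audit_log_martians() {
    root=$1; shift
    rc=0
    for key in $KEYS; do
        run=$(running_value "$root" "$key")
        conf=$(persisted_value "$key" "$@")
        if [ "$run" = 1 ] && [ "$conf" = 1 ]; then
            echo "PASS $key"
        else
            echo "FAIL $key running=${run:-unset} persisted=${conf:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Live system (file list is an assumption; adjust to the host's layout):
#   audit_log_martians /proc/sys /etc/sysctl.conf
```

A FAIL with `running=1` and `persisted=0` or `persisted=unset` means the value was set with `sysctl -w` only and will not survive a reboot.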