Saltstack Official Linux Formula
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
- # 3.2.4 Ensure suspicious packets are logged
- #
- # Description
- # ===========
- # When enabled, this feature logs packets with un-routable source
- # addresses to the kernel log.
- #
- # Rationale
- # =========
- # Enabling this feature and logging these packets allows an administrator
- # to investigate the possibility that an attacker is sending spoofed
- # packets to their system.
- #
- # Audit
- # =====
- #
- # Run the following commands and verify output matches:
- #
- # # sysctl net.ipv4.conf.all.log_martians
- # net.ipv4.conf.all.log_martians = 1
- # # sysctl net.ipv4.conf.default.log_martians
- # net.ipv4.conf.default.log_martians = 1
- #
- # Remediation
- # ===========
- #
- # Set the following parameters in the /etc/sysctl.conf file:
- #
- # net.ipv4.conf.all.log_martians = 1
- # net.ipv4.conf.default.log_martians = 1
- #
- # Run the following commands to set the active kernel parameters:
- #
- # # sysctl -w net.ipv4.conf.all.log_martians=1
- # # sysctl -w net.ipv4.conf.default.log_martians=1
- # # sysctl -w net.ipv4.route.flush=1
-
- parameters:
- linux:
- system:
- kernel:
- sysctl:
- net.ipv4.conf.all.log_martians: 1
- net.ipv4.conf.default.log_martians: 1
|
