|
- # 3.1.2 Ensure packet redirect sending is disabled
- #
- # Description
- # ===========
- # ICMP Redirects are used to send routing information to other hosts. As a host
- # itself does not act as a router (in a host only configuration), there is
- # no need to send redirects.
- #
- # Rationale
- # =========
- # An attacker could use a compromised host to send invalid ICMP redirects to
- # other router devices in an attempt to corrupt routing and have users access
- # a system set up by the attacker as opposed to a valid system.
- #
- # Audit
- # =====
- #
- # Run the following commands and verify output matches:
- #
- # # sysctl net.ipv4.conf.all.send_redirects
- # net.ipv4.conf.all.send_redirects = 0
- # # sysctl net.ipv4.conf.default.send_redirects
- # net.ipv4.conf.default.send_redirects = 0
- #
- # Remediation
- # ===========
- #
- # Set the following parameters in the /etc/sysctl.conf file:
- #
- # net.ipv4.conf.all.send_redirects = 0
- # net.ipv4.conf.default.send_redirects = 0
- #
- # Run the following commands to set the active kernel parameters:
- #
- # # sysctl -w net.ipv4.conf.all.send_redirects=0
- # # sysctl -w net.ipv4.conf.default.send_red
-
- parameters:
- linux:
- system:
- kernel:
- sysctl:
- net.ipv4.conf.all.send_redirects: 0
- net.ipv4.conf.default.send_redirects: 0
|