Saltstack Official Linux Formula

# 3.2.6 Ensure bogus ICMP responses are ignored
#
# Description
# ===========
# Setting icmp_ignore_bogus_error_responses to 1 prevents the kernel from
# logging bogus responses (RFC-1122 non-compliant) from broadcast reframes,
# keeping file systems from filling up with useless log messages.
#
# Rationale
# =========
# Some routers (and some attackers) will send responses that violate RFC-1122
# and attempt to fill up a log file system with many useless error messages.
#
# Audit
# =====
#
# Run the following commands and verify output matches:
#
# # sysctl net.ipv4.icmp_ignore_bogus_error_responses
# net.ipv4.icmp_ignore_bogus_error_responses = 1
#
# Remediation
# ===========
#
# Set the following parameter in the /etc/sysctl.conf file:
#
# net.ipv4.icmp_ignore_bogus_error_responses = 1
#
# Run the following commands to set the active kernel parameters:
#
# # sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
# # sysctl -w net.ipv4.route.flush=1
parameters:
  linux:
    system:
      kernel:
        sysctl:
          net.ipv4.icmp_ignore_bogus_error_responses: 1
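
The audit step in the comments reads only the running value, so a conflicting persisted entry that would revert the setting at the next boot goes unnoticed. The script below is an added example, not part of the formula, that checks both. The function names and the file order passed to `persisted_value` are assumptions for illustration; other sysctl.d directories on your distribution are not covered.

```shell
#!/bin/sh
# Added example, not part of the formula: audit the running AND persisted value.
KEY="net.ipv4.icmp_ignore_bogus_error_responses"

# persisted_value KEY FILE...
# Print the value of the last assignment to KEY across FILEs, read in the
# order given (later assignments win). Prints nothing if KEY is never set.
persisted_value() {
    pv_key=$1; shift
    for pv_file in "$@"; do
        if [ -r "$pv_file" ]; then cat "$pv_file"; echo; fi
    done | awk -v key="$pv_key" '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            name  = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            sub(/^[ \t]*-?[ \t]*/, "", name)    # leading "-" = ignore errors
            sub(/[ \t]+$/, "", name)
            gsub(/\//, ".", name)               # net/ipv4/x is the same key
            sub(/^[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
            if (name == key) { last = value; found = 1 }
        }
        END { if (found) print last }'
}

# check_setting EXPECTED RUNTIME PERSISTED -> 0 only if both match EXPECTED
check_setting() {
    if [ "$2" != "$1" ]; then
        echo "FAIL: running value is '$2', expected '$1'"; return 1
    fi
    if [ "$3" != "$1" ]; then
        echo "FAIL: persisted value is '${3:-unset}', expected '$1'"; return 1
    fi
    echo "PASS: running and persisted values are '$1'"
}

# Run as: sh audit.sh --audit
# Assumed load order: /etc/sysctl.d/*.conf, then /etc/sysctl.conf last.
if [ "${1:-}" = "--audit" ]; then
    check_setting 1 "$(sysctl -n "$KEY")" \
        "$(persisted_value "$KEY" /etc/sysctl.d/*.conf /etc/sysctl.conf)"
fi
```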