[Forgot Password]
Login  Register Subscribe

25354

 
 

132804

 
 

134339

 
 

909

 
 

108885

 
 

152

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-92908-3

Platform: ubuntu19.04Date: (C)2019-11-07   (M)2019-11-07



Disable Secure ICMP Redirect Acceptance Secure ICMP redirects are the same as ICMP redirects, except they come from gateways listed on the default gateway list. It is assumed that these gateways are known to your system, and that they are likely to be secure.


Parameter:


Technical Mechanism: It is still possible for even known gateways to be compromised. Setting net.ipv4.conf.all.secure_redirects to 0 protects the system from routing table updates by possibly compromised known gateways. Fix: Set the net.ipv4.conf.all.secure_redirects and net.ipv4.conf.default.secure_redirects parameters to 0 in /etc/sysctl.conf: net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0 Modify active kernel parameters to match: # /sbin/sysctl -w net.ipv4.conf.all.secure_redirects=0 # /sbin/sysctl -w net.ipv4.conf.default.secure_redirects=0 # /sbin/sysctl -w net.ipv4.route.flush=1

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:55121


OVAL    1
oval:org.secpod.oval:def:55121
XCCDF    1
xccdf_org.secpod_benchmark_general_Ubuntu_19_04

© SecPod Technologies