Secure ICMP redirects are the same as ICMP redirects, except they come from gateways listed on the default gateway list. It is assumed that these gateways are known to your system, and that they are likely to be secure. Rationale: It is still possible for even known gateways to be compromised. Setting net.ipv4.conf.all.secure_redirects to 0 protects the system from routing table updates by possibly compromised known gateways. Fix: Set the net.ipv4.conf.all.secure_redirects and net.ipv4.conf.default.secure_redirects parameters to 0 in /etc/sysctl.conf and run sysctl -p command: net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0 Modify active kernel parameters to match: # /sbin/sysctl -w net.ipv4.conf.all.secure_redirects=0 # /sbin/sysctl -w net.ipv4.conf.default.secure_redirects=0 # /sbin/sysctl -w net.ipv4.route.flush=1 [yes/no] Set the net.ipv4.conf.all.secure_redirects and net.ipv4.conf.default.secure_redirects parameters to 0 in /etc/sysctl.conf: net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0 Modify active kernel parameters to match: # /sbin/sysctl -w net.ipv4.conf.all.secure_redirects=0 # /sbin/sysctl -w net.ipv4.conf.default.secure_redirects=0 # /sbin/sysctl -w net.ipv4.route.flush=1 oval:org.secpod.oval:def:87296 oval:org.secpod.oval:def:85147 oval:org.secpod.oval:def:92262 oval:org.secpod.oval:def:65944 SCAP Repo OVAL Definition 2023-08-23