Skip to content

Guide to the Secure Configuration of Debian 11

Rules, Groups, and Values defined within the XCCDF Benchmark

  • net.ipv4.conf.all.log_martians

    Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
    Value
  • net.ipv4.conf.all.rp_filter

    Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination I...
    Value
  • net.ipv4.conf.all.secure_redirects

    Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure...
    Value
  • net.ipv4.conf.all.shared_media

    Controls whether the system can send (router) or accept (host) RFC1620 shared media redirects. <code>shared_media</code> for the interface will be ...
    Value
  • net.ipv4.conf.default.accept_redirects

    Disable ICMP Redirect Acceptance?
    Value

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules