Skip to content

Guide to the Secure Configuration of Oracle Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default

    To set the runtime status of the <code>net.ipv6.conf.default.accept_source_route</code> kernel parameter, run the following command: <pre>$ sudo sy...
    Rule Medium Severity
  • Configure Auto Configuration on All IPv6 Interfaces By Default

    To set the runtime status of the <code>net.ipv6.conf.default.autoconf</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net...
    Rule Unknown Severity
  • Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default

    To set the runtime status of the <code>net.ipv6.conf.default.max_addresses</code> kernel parameter, run the following command: <pre>$ sudo sysctl -...
    Rule Unknown Severity
  • Configure Denying Router Solicitations on All IPv6 Interfaces By Default

    To set the runtime status of the <code>net.ipv6.conf.default.router_solicitations</code> kernel parameter, run the following command: <pre>$ sudo s...
    Rule Unknown Severity
  • net.ipv4.conf.default.secure_redirects

    Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure...
    Value
  • net.ipv4.conf.default.shared_media

    Controls whether the system can send(router) or accept(host) RFC1620 shared media redirects. <code>shared_media</code> for the interface will be en...
    Value
  • net.ipv4.icmp_echo_ignore_broadcasts

    Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
    Value
  • net.ipv4.icmp_ignore_bogus_error_responses

    Enable to prevent unnecessary logging
    Value
  • Limit Network-Transmitted Configuration if Using Static IPv6 Addresses

    To limit the configuration information requested from other systems and accepted from the network on a system that uses statically-configured IPv6 ...
    Group
  • Kernel Parameters Which Affect Networking

    The <code>sysctl</code> utility is used to set parameters which affect the operation of the Linux kernel. Kernel parameters which affect networking...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules