Guide to the Secure Configuration of SUSE Linux Enterprise 15
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
To set the runtime status of the <code>net.ipv6.conf.default.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysct...Rule Medium Severity -
Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
To set the runtime status of the <code>net.ipv6.conf.default.accept_source_route</code> kernel parameter, run the following command: <pre>$ sudo sy...Rule Medium Severity -
Configure Auto Configuration on All IPv6 Interfaces By Default
To set the runtime status of the <code>net.ipv6.conf.default.autoconf</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net...Rule Unknown Severity -
Disable Kernel Parameter for IPv6 Forwarding by default
To set the runtime status of the <code>net.ipv6.conf.default.forwarding</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w n...Rule Medium Severity -
Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default
To set the runtime status of the <code>net.ipv6.conf.default.max_addresses</code> kernel parameter, run the following command: <pre>$ sudo sysctl -...Rule Unknown Severity -
Configure Denying Router Solicitations on All IPv6 Interfaces By Default
To set the runtime status of the <code>net.ipv6.conf.default.router_solicitations</code> kernel parameter, run the following command: <pre>$ sudo s...Rule Unknown Severity -
Limit Network-Transmitted Configuration if Using Static IPv6 Addresses
To limit the configuration information requested from other systems and accepted from the network on a system that uses statically-configured IPv6 ...Group -
Kernel Parameters Which Affect Networking
The <code>sysctl</code> utility is used to set parameters which affect the operation of the Linux kernel. Kernel parameters which affect networking...Group -
Network Related Kernel Runtime Parameters for Hosts and Routers
Certain kernel parameters should be set for systems which are acting as either hosts or routers to improve the system's ability defend against cert...Group -
net.ipv4.conf.all.accept_redirects
Disable ICMP Redirect AcceptanceValue -
net.ipv4.conf.all.accept_source_route
Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirec...Value -
net.ipv4.conf.default.arp_filter
Controls whether the ARP filter is enabled or not. 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for ea...Value -
net.ipv4.conf.default.arp_ignore
Control the response modes for ARP queries that resolve local target IP addresses: 0 - (default): reply for any local target IP address, configure...Value -
net.ipv4.conf.all.forwarding
Toggle IPv4 ForwardingValue -
net.ipv4.conf.all.log_martians
Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect PacketsValue -
net.ipv4.conf.all.rp_filter
Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination I...Value -
net.ipv4.conf.all.secure_redirects
Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure...Value -
net.ipv4.conf.all.shared_media
Controls whether the system can send (router) or accept (host) RFC1620 shared media redirects. <code>shared_media</code> for the interface will be ...Value -
net.ipv4.conf.default.accept_redirects
Disable ICMP Redirect Acceptance?Value -
net.ipv4.conf.default.secure_redirects
Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure...Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.