Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
net.ipv4.conf.default.accept_source_route
Disable IP source routing?Value -
net.ipv4.conf.default.log_martians
Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect PacketsValue -
net.ipv4.conf.default.rp_filter
Enables source route verificationValue -
net.ipv4.conf.default.secure_redirects
Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure...Value -
net.ipv4.conf.default.shared_media
Controls whether the system can send(router) or accept(host) RFC1620 shared media redirects. <code>shared_media</code> for the interface will be en...Value -
net.ipv4.icmp_echo_ignore_broadcasts
Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicastValue -
net.ipv4.icmp_ignore_bogus_error_responses
Enable to prevent unnecessary loggingValue -
net.ipv4.tcp_invalid_ratelimit
Configure the maximal rate for sending duplicate acknowledgments in response to incoming invalid TCP packets.Value -
net.ipv4.tcp_rfc1337
Enable to enable TCP behavior conformant with RFC 1337Value -
net.ipv4.tcp_syncookies
Enable to turn on TCP SYN Cookie ProtectionValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules