The system must set maximum number of half-open TCP connections to 4096.
An XCCDF Rule
Description
<VulnDiscussion>This setting controls how many half-open connections can exist for a TCP port. It is necessary to control the number of completed connections to the system to provide some protection against denial of service attacks.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-216378r959010_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The Network Management profile is required
Configure maximum TCP connections for IPv4 and IPv6.
# pfexec ipadm set-prop -p _conn_req_max_q0=4096 tcp