The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.

An XCCDF Rule

Details
Profiles

Description

ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.

ID: SV-256571r991589_rule
Version: PHTN-30-000102
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

At the command line, run the following command:

# for SETTING in $(/sbin/sysctl -aN --pattern "net.ipv4.conf.(all|default|eth.*).send_redirects"); do sed -i -e "/^${SETTING}/d" /etc/sysctl.conf;echo $SETTING=0>>/etc/sysctl.conf; done
# /sbin/sysctl --load

The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.

Description

Remediation Templates

A Manual Procedure