The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.

An XCCDF Rule

Details
Profiles

Description

ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.

ID: SV-258890r933731_rule
Version: PHTN-40-000227
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/sysctl.d/zz-stig-hardening.conf

Add or update the following lines:
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

At the command line, run the following command to load the new configuration:

# /sbin/sysctl --load /etc/sysctl.d/zz-stig-hardening.conf

Note: If the file zz-stig-hardening.conf does not exist, it must be created.

The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.

Description

Remediation Templates

A Manual Procedure