The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.

An XCCDF Rule

Details
Profiles

Description

ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.

ID: SV-258888r991589_rule
Version: PHTN-40-000225
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/sysctl.d/zz-stig-hardening.conf

Add or update the following lines:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

At the command line, run the following command to load the new configuration:

# /sbin/sysctl --load /etc/sysctl.d/zz-stig-hardening.conf

Note: If the file zz-stig-hardening.conf does not exist, it must be created.

The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.

Description

Remediation Templates

A Manual Procedure