Check: GEN003610
HP-UX 11.31 STIG: GEN003610 (in versions v1 r19 through v1 r13)
Title
The system must not send IPv4 ICMP redirects. (Cat II impact)
Discussion
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
Check Content
Verify the system does not send IPv4 ICMP redirect messages.
# ndd -get /dev/ip ip_send_redirects
If the return value/result is not 0, this is a finding.
Fix Text
Configure the system to not send IPv4 ICMP redirect messages.
# ndd -set /dev/ip ip_send_redirects 0
Edit /etc/rc.config.d/nddconf and add/set:
TRANSPORT_NAME[x]=ip
NDD_NAME[x]=ip_send_redirects
NDD_VALUE[x]=0
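The check content covers only the running value, so the nddconf entry that makes the fix persist can be audited separately. The following is an added example, not part of the STIG: the function name check_nddconf is hypothetical, and it assumes the conservative rule that any ip_send_redirects entry with a value other than 0, or no entry at all, is a finding.

```sh
#!/bin/sh
# Added example: audit the persistent half of the GEN003610 fix.
# check_nddconf [FILE] reads nddconf-style text (stdin when FILE is omitted),
# prints a status line, and returns 0 when compliant or 1 on a finding.
check_nddconf() {
    awk '
    {
        line = $0
        sub(/[ \t]*#.*$/, "", line)        # drop comments
        gsub(/[ \t"]/, "", line)           # drop whitespace and quotes
        if (line !~ /^(TRANSPORT_NAME|NDD_NAME|NDD_VALUE)\[[0-9]+\]=/) next
        lb = index(line, "["); rb = index(line, "]"); eq = index(line, "=")
        key = substr(line, 1, lb - 1)             # array name
        idx = substr(line, lb + 1, rb - lb - 1)   # the [x] index
        val = substr(line, eq + 1)
        seen[idx] = 1
        if (key == "TRANSPORT_NAME") tr[idx] = val
        else if (key == "NDD_NAME") nm[idx] = val
        else nv[idx] = val
    }
    END {
        # A setting only counts when all three lines share the same index.
        for (i in seen)
            if (tr[i] == "ip" && nm[i] == "ip_send_redirects") {
                found++
                if (nv[i] != "0") bad++
            }
        if (!found) { print "FINDING: no ip_send_redirects entry"; exit 1 }
        if (bad)    { print "FINDING: ip_send_redirects entry is not 0"; exit 1 }
        print "OK: ip_send_redirects is persisted as 0"
    }' "$@"
}

# Constructed sample input, not taken from a real host.
check_nddconf <<'EOF' || true
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forward_directed_broadcasts
NDD_VALUE[0]=0
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_send_redirects
NDD_VALUE[1]=0
EOF
```

On a host, run it as check_nddconf /etc/rc.config.d/nddconf alongside the ndd -get check above, since the file and the running value can disagree.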
Additional Identifiers
Rule ID: SV-35038r1_rule
Vulnerability ID: V-22417
Group Title: GEN003610
CCIs
Number | Definition |
---|---|
CCI-001551 | The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Number | Title |
---|---|
AC-4 | Information Flow Enforcement |