Check: SOL-11.1-050070
Solaris 11 SPARC STIG:
SOL-11.1-050070
(in versions v2 r10 through v1 r10)
Title
The system must ignore ICMP redirect messages. (Cat III impact)
Discussion
Ignoring ICMP redirect messages reduces the likelihood of denial of service attacks.
Check Content
Determine if ICMP redirect messages are ignored. # ipadm show-prop -p _ignore_redirect -co current ipv4 # ipadm show-prop -p _ignore_redirect -co current ipv6 If the output of all commands is not "1", this is a finding.
Fix Text
The Network Management profile is required. Disable ignore redirects for IPv4 and IPv6. # pfexec ipadm set-prop -p _ignore_redirect=1 ipv4 # pfexec ipadm set-prop -p _ignore_redirect=1 ipv6
Additional Identifiers
Rule ID: SV-216374r603267_rule
Vulnerability ID: V-216374
Group Title: SRG-OS-000480
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 |
Configuration Settings |