Check: GEN003601
SUSE Linux Enterprise Server v11 for System z STIG:
GEN003601
(in versions v1 r12 through v1 r9)
Title
TCP backlog queue sizes must be set appropriately. (Cat II impact)
Discussion
To provide some mitigation to TCP Denial of Service attacks, the TCP backlog queue sizes must be set to at least 1280 or in accordance with product-specific guidelines.
Check Content
# cat /proc/sys/net/ipv4/tcp_max_syn_backlog
If the result is not 1280 or greater, this is a finding.
Fix Text
Edit /etc/sysctl.conf and add a setting for "net.ipv4.tcp_max_syn_backlog=1280".
Procedure:
# echo "net.ipv4.tcp_max_syn_backlog=1280" >> /etc/sysctl.conf
# sysctl -p
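The check and fix above combined into one audit script, as an added example that is not part of the STIG text. It goes beyond the Check Content by also verifying that the value is persisted in sysctl.conf, so a host where the fix was written but never loaded (or loaded but never persisted) is flagged. The function names and the return codes 1 and 2 are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the STIG): audit GEN003601 on runtime and persisted values.
MIN_BACKLOG=1280   # threshold from the check text

# Print the last effective net.ipv4.tcp_max_syn_backlog value in a
# sysctl.conf-style file (later lines win, commented lines are ignored).
persisted_backlog() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*net\.ipv4\.tcp_max_syn_backlog[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Return 0 if compliant, 1 if the runtime value is a finding, 2 if the
# runtime value passes but the setting would not survive a reboot.
# (Return codes are this example's own convention.)
audit_gen003601() {
    runtime_file=${1:-/proc/sys/net/ipv4/tcp_max_syn_backlog}
    conf_file=${2:-/etc/sysctl.conf}
    runtime=$(cat "$runtime_file" 2>/dev/null || true)
    case $runtime in
        ''|*[!0-9]*) echo "FINDING: cannot read runtime value"; return 1 ;;
    esac
    if [ "$runtime" -lt "$MIN_BACKLOG" ]; then
        echo "FINDING: runtime value $runtime is below $MIN_BACKLOG"
        return 1
    fi
    persisted=$(persisted_backlog "$conf_file")
    if [ -z "$persisted" ] || [ "$persisted" -lt "$MIN_BACKLOG" ]; then
        echo "WARN: runtime $runtime passes, but $conf_file does not persist >= $MIN_BACKLOG"
        return 2
    fi
    echo "OK: runtime=$runtime persisted=$persisted"
    return 0
}

# Constructed sample: the fix line was appended but "sysctl -p" was never run,
# so the kernel still holds a lower value and the check reports a finding.
demo=$(mktemp -d)
echo 1024 > "$demo/runtime"
printf '# constructed sample\nnet.ipv4.tcp_max_syn_backlog=1280\n' > "$demo/sysctl.conf"
audit_gen003601 "$demo/runtime" "$demo/sysctl.conf" || true
rm -rf "$demo"
```

Called with no arguments, `audit_gen003601` reads the live /proc entry and /etc/sysctl.conf.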
Additional Identifiers
Rule ID: SV-45720r1_rule
Vulnerability ID: V-23741
Group Title: GEN003601
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |