The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-256570 | PHTN-30-000101 | SV-256570r887384_rule | Medium |
| Description |
|---|
| ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack. |
| STIG | Date |
|---|---|
| VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide | 2023-12-01 |
Details
| Check Text ( C-60245r887382_chk ) |
|---|
| At the command line, run the following command: # /sbin/sysctl -a --pattern "net.ipv4.conf.(all|default|eth.*).secure_redirects" Expected result: net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.default.secure_redirects = 0 net.ipv4.conf.eth0.secure_redirects = 0 If the output does not match the expected result, this is a finding. Note: The number of "ethx" lines returned is dependent on the number of interfaces. Every "ethx" entry must be set to "0". |
| Fix Text (F-60188r887383_fix) |
|---|
| At the command line, run the following command: # for SETTING in $(/sbin/sysctl -aN --pattern "net.ipv4.conf.(all|default|eth.*).secure_redirects"); do sed -i -e "/^${SETTING}/d" /etc/sysctl.conf;echo $SETTING=0>>/etc/sysctl.conf; done # /sbin/sysctl --load |