Bug 972509

Summary: The system must log Martian packets.
Product: Red Hat Enterprise Linux 6 Reporter: Jason Pyeron <jpyeron>
Component: initscripts Assignee: Lukáš Nykrýn <lnykryn>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.6 CC: jason.j.pyeron.ctr, jrieden
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2013-06-13 14:21:14 UTC Type: Bug
Bug Depends On: 972500    
Bug Blocks: 972511    
Attachments:
Description Flags
RHEL6 STIG patch none
specfile patch none

Description Jason Pyeron 2013-06-09 19:11:48 UTC
Created attachment 758901
RHEL6 STIG patch

Description of problem:

The default configuration is not conforming to best practices. The Red Hat Enterprise Linux 6 Security Technical Implementation Guide (STIG) v1.2 published by the Defense Information Systems Agency recommends the changes in the attached patch.

Version-Release number of selected component (if applicable):

http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/initscripts-9.03.38-1.el6_4.1.src.rpm

How reproducible:

Always

Steps to Reproduce:

perform a yum install

Actual results:

root@test /tmp/setup
# sysctl net.ipv4.conf.all.log_martians
net.ipv4.conf.all.log_martians = 0

Expected results:

$ sysctl net.ipv4.conf.all.log_martians

The output of the command should indicate a value of "1". If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".

Additional info:

see: http://iase.disa.mil/stigs/os/unix/red_hat.html
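
The check described under "Expected results", as an added example that is not part of the original bug report or its attached patches: a shell function reads the persistent value from a sysctl.conf-format file, where a later assignment overrides an earlier one, and compares it with the runtime value. The function names and the optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the bug report or the initscripts package.
KEY=net.ipv4.conf.all.log_martians

# Print the last value assigned to key $1 in the sysctl.conf-format file $2.
# Prints nothing when the key is never assigned.
persistent_sysctl() {
    awk -v key="$1" '
        /^[ \t]*([#;]|$)/ { next }            # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next                 # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("/", ".", k)                 # sysctl also accepts "/" as separator
            if (k == key) val = v             # later lines override earlier ones
        }
        END { if (val != "") print val }
    ' "$2"
}

# Audit both places the setting lives.
# $1 = sysctl.conf path, $2 = proc root (hypothetical parameter, default /proc/sys).
# Returns 0 only when the persistent and the runtime value are both 1.
audit_log_martians() {
    conf=$1
    root=${2:-/proc/sys}
    persist=$(persistent_sysctl "$KEY" "$conf") || persist=
    runtime=$(cat "$root/$(printf %s "$KEY" | tr . /)" 2>/dev/null) || runtime=
    rc=0
    if [ "$persist" != 1 ]; then
        echo "FAIL persistent: ${persist:-unset} in $conf"
        rc=1
    fi
    if [ "$runtime" != 1 ]; then
        echo "FAIL runtime: ${runtime:-unreadable}"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "PASS $KEY = 1 (persistent and runtime)"
    fi
    return "$rc"
}
```

Call it as `audit_log_martians /etc/sysctl.conf`; a runtime value of 1 with a persistent value of 0 or unset means the setting will not survive a reboot.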

Comment 1 Jason Pyeron 2013-06-09 19:13:12 UTC
Created attachment 758902
specfile patch

Comment 3 Václav Pavlín 2013-06-13 14:21:14 UTC
Hi, this bug changes the default behaviour of the system and we don't think it is appropriate to do this in a midstream RHEL 6 release.