Red Hat Bugzilla – Bug 972500
The system must not accept ICMPv4 secure redirect packets on any interface.
Last modified: 2016-11-25 07:56:02 EST
Created attachment 758898 [details]
RHEL6 STIG patch
Description of problem:
The default configuration is not conforming to best practices. The Red Hat Enterprise Linux 6 Security Technical Implementation Guide (STIG) v1.2 published by the Defense Information Systems Agency recommends the changes in the attached patch.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
perform a yum install
# sysctl net.ipv4.conf.all.secure_redirects
net.ipv4.conf.all.secure_redirects = 1
$ sysctl net.ipv4.conf.all.secure_redirects
The output of the command should indicate a value of "0". If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".
Created attachment 758900 [details]
Hi, this bug changes the default behaviour of the system and we don't think it is appropriate to do this in a midstream RHEL 6 release.