V-38528: Log martian packets

Implements: blueprint security-hardening

Change-Id: Icbbbcc1d51ea6fa903ff65d01ffda65e2f123030

doc/source/developer-notes/V-38528.rst

@@ -0,0 +1,5 @@
+The Ansible task in this role will ensure that martian packets are logged to
+rsyslog.  Wikpedia's article on `martian packets`_ provides additional
+information.
+
+.. _martian packets: https://en.wikipedia.org/wiki/Martian_packet

openstack-ansible-security/tasks/kernel.yml

@@ -13,6 +13,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: V-38528 - The system must log martian packets
+  sysctl:
+    name: net.ipv4.conf.all.log_martians
+    value: 1
+    state: present
+    sysctl_set: yes
+  tags:
+    - kernel
+    - cat3
+    - V-38528
+
 # This is the default in Ubuntu 14.04
 - name: V-38596 - Enable virtual address space randomization
   sysctl: