From f407a8a6aa84a264b5ba0256354d738976b13c3f Mon Sep 17 00:00:00 2001
From: Mohammad Issa
Date: Tue, 28 Jan 2025 17:49:54 +0000
Subject: [PATCH] Network Configuration updates Pt.1 Fix the following CIS Benchmark network configurations: - 3.3.4 Ensure broadcast ICMP requests are ignored - 3.3.8 Ensure source routed packets are not accepted - 3.3.10 Ensure TCP SYN Cookies is enabled Testing: - Build successful - SX and DX deployment successful - Run CIS Tenable-IO scan with no errors Story: 2011210 Task: 51629 Change-Id: I3acf7a977204981dc160ef82d7092397fce151f9 Signed-off-by: Mohammad Issa
---
 initscripts-config/source-debian/sysctl.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/initscripts-config/source-debian/sysctl.conf b/initscripts-config/source-debian/sysctl.conf
index f12c242..fa7eabf 100644
--- a/initscripts-config/source-debian/sysctl.conf
+++ b/initscripts-config/source-debian/sysctl.conf
@@ -23,7 +23,7 @@ net.ipv4.conf.default.rp_filter=1
 net.ipv4.conf.all.rp_filter=1
 # Uncomment the next line to enable TCP/IP SYN cookies
-#net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_syncookies=1
 # Uncomment the next line to enable packet forwarding for IPv4
 #net.ipv4.ip_forward=1
@@ -40,7 +40,7 @@ net.ipv4.conf.all.rp_filter=1
 # settings are disabled so review and enable them as needed.
 #
 # Ignore ICMP broadcasts
-#net.ipv4.icmp_echo_ignore_broadcasts = 1
+net.ipv4.icmp_echo_ignore_broadcasts = 1
 #
 # Set the runtime status of the net.ipv4.icmp_ignore_bogus_error_responses
 # kernel parameter to enable Kernel Parameter to Ignore Bogus ICMP Error
@@ -64,7 +64,7 @@ net.ipv4.conf.all.secure_redirects = 0
 net.ipv4.conf.all.send_redirects = 0
 #
 # Do not accept IP source route packets (we are not a router)
-#net.ipv4.conf.all.accept_source_route = 0
+net.ipv4.conf.all.accept_source_route = 0
 net.ipv6.conf.all.accept_source_route = 0
 #
 # Log Martian Packets
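Review bot: The context comment directly above the changed line in the first hunk still reads `# Uncomment the next line to enable TCP/IP SYN cookies`, which no longer matches a setting that is now active; I would reword it to `# Enable TCP/IP SYN cookies (CIS 3.3.10)` so the file records why the value is set. The second hunk has the same mismatch: its leading context line says the settings "are disabled so review and enable them as needed", while `net.ipv4.icmp_echo_ignore_broadcasts = 1` beneath it is now enabled for CIS 3.3.4. In a hardening baseline, stale "uncomment" wording makes it easy for a later edit to comment the line out again without noticing that a benchmark item depends on it. The comment block in the second hunk starts outside the hunk, so the exact rewording there needs the full paragraph.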
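Review bot: Only the `all` scope is enabled for source routing in the third hunk; no `net.ipv4.conf.default.accept_source_route` line is visible in its context, and the CIS item named in the description (3.3.8) is normally audited against both the `all` and `default` keys for IPv4 and IPv6. If `default` is not already set elsewhere in the file, I would add `net.ipv4.conf.default.accept_source_route = 0` next to the changed line and `net.ipv6.conf.default.accept_source_route = 0` beside the existing IPv6 line, so interfaces created after boot get the value explicitly rather than by kernel default. The section continues outside the hunk, so this may already be covered there. The description reports a clean scan, which suggests it is, but it is worth confirming against the full file.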