From Oracle Linux 5 Security Technical Implementation Guide
Part of GEN003600
Associated with: CCI-001551
Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.
Verify the system does not accept source-routed IPv4 packets. Procedure: # grep [01] /proc/sys/net/ipv4/conf/*/accept_source_route|egrep "default|all" If all of the returned lines do not end with 0, this is a finding. Note: The same setting is used by Linux for both the local acceptance and forwarding of source-routed IPv4 packets.
Configure the system to not accept source-routed IPv4 packets. Edit /etc/sysctl.conf and add a setting for "net.ipv4.conf.all.accept_source_route=0" and "net.ipv4.conf.default.accept_source_route=0". Reload the sysctls. Procedure: # sysctl -p
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer