Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-12023 | GEN005600 | SV-37929r1_rule | ECSC-1 | Medium |
Description |
---|
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2014-01-09 |
Check Text ( C-37179r1_chk ) |
---|
Check if the system is configured for IPv4 forwarding. If the system is a VM host and acts as a router solely for the benefits of its client systems, then this rule is not applicable. Procedure: # cat /proc/sys/net/ipv4/ip_forward If the value is set to "1", IPv4 forwarding is enabled this is a finding. |
Fix Text (F-32422r1_fix) |
---|
Edit "/etc/sysctl.conf" and set net.ipv4.ip_forward to "0". Restart the system or run "sysctl -p" to make the change take effect. |