Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22409 | GEN003602 | SV-45721r1_rule | Low |
Description |
---|
The processing of (ICMP) timestamp requests increases the attack surface of the system. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide | 2018-09-19 |
Check Text ( C-43088r1_chk ) |
---|
Verify the system does not respond to ICMP TIMESTAMP_REQUESTs Procedure: # iptables -L INPUT | grep "timestamp" This should return the following entries for "timestamp-reply" and "timestamp_request": DROP icmp -- anywhere anywhere icmp timestamp-request DROP icmp -- anywhere anywhere icmp timestamp-reply If either does not exist or does not "DROP" the message, this is a finding. |
Fix Text (F-39119r1_fix) |
---|
Configure the system to not respond to ICMP TIMESTAMP_REQUESTs. This is done by rejecting ICMP type 13 and 14 messages at the firewall. Procedure: 1. Check the SuSEfirewall2 configuration to see if custom rules are being used: # grep -v '^#' /etc/sysconfig/SuSEfirewall2 | grep FW_CUSTOMRULES If the command returns FW_CUSTOMRULES=”” then no custom rules are being used. In that case edit the /etc/sysconfig/SuSEfirewall2 file and use the vendor supplied file by setting FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" 2. Edit the file defined by the FW_CUSTOMRULES variable and add these commands to append the INPUT chain: iptables -A INPUT -p ICMP --icmp-type timestamp-request -j DROP iptables -A INPUT -p ICMP --icmp-type timestamp-reply -j DROP Restart the firewall: # rcSuSEfirewall2 restart |