The system must set maximum number of half-open TCP connections to 4096.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-216141	SOL-11.1-050110	SV-216141r959010_rule		Medium

Description

This setting controls how many half-open connections can exist for a TCP port. It is necessary to control the number of completed connections to the system to provide some protection against denial of service attacks.

STIG	Date
Solaris 11 X86 Security Technical Implementation Guide	2024-11-25

Details

Check Text (C-17379r372805_chk)

Determine if the number of half open TCP connections is set to 4096.

# ipadm show-prop -p _conn_req_max_q0 -co current tcp

If the value of "4096" is not returned, this is a finding.

Fix Text (F-17377r372806_fix)

The Network Management profile is required

Configure maximum TCP connections for IPv4 and IPv6.

# pfexec ipadm set-prop -p _conn_req_max_q0=4096 tcp