STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must ignore ICMP redirect messages.

DISA Rule

SV-216374r603267_rule

Vulnerability Number

V-216374

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-050070

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

The Network Management profile is required.

Disable ignore redirects for IPv4 and IPv6.

# pfexec ipadm set-prop -p _ignore_redirect=1 ipv4
# pfexec ipadm set-prop -p _ignore_redirect=1 ipv6

Check Contents

Determine if ICMP redirect messages are ignored.

# ipadm show-prop -p _ignore_redirect -co current ipv4
# ipadm show-prop -p _ignore_redirect -co current ipv6

If the output of all commands is not "1", this is a finding.

Vulnerability Number

V-216374

Documentable

False

Rule Version

SOL-11.1-050070

Severity Override Guidance

Check Content Reference

Target Key

4022

The system must ignore ICMP redirect messages.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments