STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-216376r603267_rule
V-216376
SRG-OS-000480
SOL-11.1-050090
CAT III
10
The Network Management profile is required.
If the version of Solaris is earlier than Solaris 11.2, disable send redirects for IPv4 and IPv6.
# pfexec ipadm set-prop -p _send_redirects=0 ipv4
# pfexec ipadm set-prop -p _send_redirects=0 ipv6
If the version of Solaris is Solaris 11.2 or later, disable send redirects for IPv4 and IPv6.
# pfexec ipadm set-prop -p send_redirects=off ipv4
# pfexec ipadm set-prop -p send_redirects=off ipv6
Determine the version of Solaris 11 in use.
# cat /etc/release
If the version of Solaris is earlier than Solaris 11.2, determine if ICMP redirect messages are disabled.
# ipadm show-prop -p _send_redirects -co current ipv4
# ipadm show-prop -p _send_redirects -co current ipv6
If the output of all commands is not "0", this is a finding.
If the version of Solaris is Solaris 11.2 or later, determine if ICMP redirect messages are disabled.
# ipadm show-prop -p send_redirects -co current ipv4
# ipadm show-prop -p send_redirects -co current ipv6
If the output of all commands is not "off", this is a finding.
V-216376
False
SOL-11.1-050090
Determine the version of Solaris 11 in use.
# cat /etc/release
If the version of Solaris is earlier than Solaris 11.2, determine if ICMP redirect messages are disabled.
# ipadm show-prop -p _send_redirects -co current ipv4
# ipadm show-prop -p _send_redirects -co current ipv6
If the output of all commands is not "0", this is a finding.
If the version of Solaris is Solaris 11.2 or later, determine if ICMP redirect messages are disabled.
# ipadm show-prop -p send_redirects -co current ipv4
# ipadm show-prop -p send_redirects -co current ipv6
If the output of all commands is not "off", this is a finding.
M
4022