The system must use initial TCP sequence numbers most resistant to sequence number guessing attacks.
DISA Rule
SV-226887r603265_rule
Vulnerability Number
V-226887
Group Title
SRG-OS-000480
Rule Version
GEN003580
Severity
CAT II
CCI(s)
- CCI-000366 - The organization implements the security configuration settings.
Weight
10
Fix Recommendation
Edit /etc/default/inetinit and set the TCP_STRONG_ISS parameter to 2.
Check Contents
# grep "TCP_STRONG_ISS=2" /etc/default/inetinit
If this variable is not set, this is a finding.
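The grep above also matches a commented-out line such as `#TCP_STRONG_ISS=2` and a longer value such as `TCP_STRONG_ISS=20`. A stricter form of the same check follows as an added example that is not part of the STIG text; the helper name `check_strong_iss`, its return codes and the sample files are constructed for illustration, and it assumes the last uncommented assignment in the file is the effective one.

```shell
#!/bin/sh
# Added example: stricter form of the GEN003580 check.
# check_strong_iss is a hypothetical helper name, not part of the STIG.
# Return codes (chosen for this example): 0 = compliant, 1 = finding,
# 2 = file could not be read.
check_strong_iss() {
    file=${1:-/etc/default/inetinit}
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }

    # Keep only real assignments: lines starting with '#' do not match,
    # leading whitespace is tolerated, and a trailing comment is cut off.
    # Assumption: a later assignment overrides an earlier one, so only
    # the last match is kept. Surrounding quotes are stripped.
    value=$(sed -n 's/^[[:space:]]*TCP_STRONG_ISS=\([^[:space:]#]*\).*$/\1/p' "$file" \
            | tail -n 1 | tr -d "\"'")

    if [ "$value" = "2" ]; then
        echo "PASS: TCP_STRONG_ISS=2 in $file"
        return 0
    fi
    echo "FINDING: TCP_STRONG_ISS is '${value:-unset}' in $file, expected 2"
    return 1
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf '#TCP_STRONG_ISS=2\nTCP_STRONG_ISS=1\n' > "$demo/commented"
printf 'TCP_STRONG_ISS=2\n' > "$demo/good"
for f in "$demo/commented" "$demo/good"; do
    # The plain grep would report both files as compliant.
    check_strong_iss "$f" || :
done
rm -rf "$demo"
```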
Documentable
False
Check Content Reference
M
Target Key
4060