STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Photon operating system must use TCP syncookies.

DISA Rule

SV-239109r675135_rule

Vulnerability Number

V-239109

Group Title

SRG-OS-000142-GPOS-00071

Rule Version

PHTN-67-000037

Severity

CAT II

CCI(s)

CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.
CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

Fix Recommendation

At the command line, execute the following commands:

# sed -i -e "/^net.ipv4.tcp_syncookies/d" /etc/sysctl.conf
# echo net.ipv4.tcp_syncookies=1>>/etc/sysctl.conf

Check Contents

At the command line, execute the following command:

# /sbin/sysctl -a --pattern /tcp_syncookies

Expected result:

net.ipv4.tcp_syncookies = 1

If the output does not match the expected result, this is a finding.

Vulnerability Number

V-239109

Documentable

False

Rule Version

PHTN-67-000037

Severity Override Guidance

Check Content Reference

Target Key

5323

The Photon operating system must use TCP syncookies.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments