OL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.

STIG ID: OL09-00-006031  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-271874

Vulnerability Discussion

Some routers will send responses to broadcast frames that violate RFC-1122, which fills up a log file system with many useless error messages. An attacker may take advantage of this and attempt to flood the logs with bogus error logs. Ignoring bogus ICMP error responses reduces log size, although some activity would not be logged.

Check

Verify that OL 9 limits the number of bogus ICMP response errors logs.

The runtime status of the net.ipv4.icmp_ignore_bogus_error_responses kernel parameter can be queried by running the following command:

$ sysctl net.ipv4.icmp_ignore_bogus_error_responses
net.ipv4.icmp_ignore_bogus_error_responses = 1

If "net.ipv4.icmp_ignore_bogus_error_responses" is not set to "1", this is a finding.

Fix

Configure OL 9 to not log bogus ICMP errors:

Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:

net.ipv4.icmp_ignore_bogus_error_responses = 1

Load settings from all system configuration files with the following command:

$ sudo sysctl --system
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.