Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ======3.2.4 Ensure suspicious packets are logged (Scored)====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== When enabled, this feature logs packets with un-routable source addresses to the kernel log. =====Rationale===== Enabling this feature and logging these packets allows an administrator to investigate the possibility that an attacker is sending spoofed packets to their system. =====Audit===== Run the following command and verify output matches: <Code:bash> # sysctl net.ipv4.conf.all.log_martians net.ipv4.conf.all.log_martians = 1 # sysctl net.ipv4.conf.default.log_martians net.ipv4.conf.default.log_martians = 1 </Code> =====Remediation===== Set the following parameter in the ''/etc/sysctl.conf'' file: <Code:bash> net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.default.log_martians = 1 </Code> Run the following commands to set the active kernel parameters: <Code:bash> # sysctl -w net.ipv4.conf.all.log_martians=1 # sysctl -w net.ipv4.conf.default.log_martians=1 # sysctl -w net.ipv4.route.flush=1 </Code> centos7/3/2/4.txt Last modified: 2017/05/04 17:21by Piotr Kłoczewski