mediumnetworkunverifiedrollback-safe
Ensure net.ipv4.conf.default.secure_redirects is set to 0
sysctl-net-ipv4-conf-default-secure-redirects · RHEL ≥ 8 · 1 impl
Description
The kernel parameter net.ipv4.conf.default.secure_redirects must be set to 0 to enforce this network/kernel security control.
Rationale
Improper network kernel parameters can allow network-based attacks including packet redirection, source routing, and denial of service.
Check → Remediate
Checksysctl_value
- key:
- net.ipv4.conf.default.secure_redirects
- expected:
- 0
Remediatesysctl_set
- key:
- net.ipv4.conf.default.secure_redirects
- value:
- 0
Framework references
CIS
rhel8 3.3.1.11rhel10 3.3.1.11
NIST 800-53
CM-6
#sysctl#networking#hardening