openstack/ansible-hardening
Code Issues Proposed changes
ansible-hardening/releasenotes/notes/adding-v38526-381a407caa566b14.yaml
Major Hayden 704e1c85a9 Implemented: V-38526. 
Accepting "secure" ICMP redirects (from those gateways listed as
default gateways) has few legitimate uses.
It should be disabled unless it is absolutely required.

This feature is disabled by default as is configurable by
``security_disable_icmpv4_redirects_secure`` variable.

Change-Id: I1e319e158c8e8cac04053993083c19c845a37849
2016-08-18 08:26:56 -05:00

9 lines
343 B
YAML
Raw Permalink Blame History

---
features:
- |
A task was added to disable secure ICMP redirects per the requirements in
V-38526. This change can cause problems in some environments, so it is
disabled by default. Deployers can enable the task (which disables secure
ICMP redirects) by setting ``security_disable_icmpv4_redirects_secure`` to
``yes``.
View Git Blame Copy Permalink