STIG ID: ALMA-09-019380 | SRG: SRG-OS-000480-GPOS-00227 | Severity: medium | CCI: | Vulnerability Id: V-269251
The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
Configure AlmaLinux OS 9 to log martian packets.
Create a numbered *.conf file in /etc/sysctl.d/ with the following content:
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
$ sysctl --system
Verify AlmaLinux OS 9 logs martian packets.
Check the value of the "log_martians" variables with the following command:
$ sysctl -a | grep log_martians
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.enp1s0.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
If the returned lines do not all have a value of "1", this is a finding.