Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add missing sysctl parameter #143

Merged
merged 3 commits into from
Jan 3, 2018
Merged

add missing sysctl parameter #143

merged 3 commits into from
Jan 3, 2018

Conversation

rndmh3ro
Copy link
Member

@rndmh3ro rndmh3ro commented Aug 8, 2017

Fixes #115

@rndmh3ro rndmh3ro requested review from ypid and fitz123 August 8, 2017 19:13
ypid
ypid reviewed Aug 8, 2017
View reviewed changes
Copy link
Member

@ypid ypid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure about martian off the top of my head. Maybe others know this without looking it up.

@rndmh3ro
Copy link
Member Author

rndmh3ro commented Aug 8, 2017
edited
Loading

A martian packet is a packet with a source address which is obviously wrong - nothing could possibly be routed back to that address.

See:
https://serverfault.com/questions/570980/what-is-the-usefulness-of-logging-of-martians-packet
https://en.wikipedia.org/wiki/Martian_packet

This PR just tries to make the handling of martians consistent, we already set this parameter for all network interfaces (here), this just adds the setting for the default interface.

BTW thanks for taking the time to review everything so thoroughly!

@rndmh3ro rndmh3ro changed the title add martian sysctl parameter WIP - add missing sysctl parameter Aug 8, 2017
@rndmh3ro
Copy link
Member Author

rndmh3ro commented Aug 8, 2017

I will add more sysctl-parameters that are missing to this PR.

@ypid
Copy link
Member

ypid commented Aug 8, 2017

You are welcome :) I will look into this when I start using the role. Will probably take a while.

@burdena
Copy link

burdena commented Sep 8, 2017

I was about to create my own pull request for net.ipv4.conf.default.log_martians glad someone else already spotted it. Just to add to its need/requirement, the Inspec test currently checks for it https://github.com/dev-sec/linux-baseline/blob/master/controls/sysctl_spec.rb#L196. Hope this helps getting the PR progressed.

@rndmh3ro rndmh3ro changed the title WIP - add missing sysctl parameter add missing sysctl parameter Jan 3, 2018
atomic111
atomic111 approved these changes Jan 3, 2018
View reviewed changes
Copy link
Member

@atomic111 atomic111 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rndmh3ro thanks for your great work!!!

@atomic111 atomic111 merged commit 9914085 into master Jan 3, 2018
@rndmh3ro rndmh3ro deleted the martians branch January 3, 2018 11:16
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@atomic111
Merge pull request dev-sec#143 from dev-sec/martians
b584438 
add missing sysctl parameter
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ypid ypid ypid left review comments

@atomic111 atomic111 atomic111 approved these changes

@fitz123 fitz123 Awaiting requested review from fitz123

Assignees
No one assigned
Labels
enhancement in progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rndmh3ro @ypid @burdena @atomic111