Fuel slaves sysctl.conf security hardening
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Won't Fix | Medium | Fuel Sustaining |
10.0.x | Won't Fix | Medium | Fuel Sustaining |
8.0.x | Won't Fix | Medium | Unassigned |
9.x | Won't Fix | Medium | Unassigned |
Bug Description
Detailed bug description:
Observe Linux network stack sysctl values of Fuel slave nodes.
Expected results:
generic-
For Linux systems ensure the following sysctl values are set:
* net.ipv4.
* net.ipv4.
* net.ipv6.
* net.ipv4.
* net.ipv6.
sysctl -w net.ipv4.
sysctl -w net.ipv4.
sysctl -w net.ipv6.
sysctl -w net.ipv4.
sysctl -w net.ipv6.
More Linux information can be found at https:/
linux-icmp-redirect
Disable ICMP redirect support
Issue the following commands as root:
sysctl -w net.ipv4.
sysctl -w net.ipv4.
sysctl -w net.ipv4.
sysctl -w net.ipv4.
These settings can be added to /etc/sysctl.conf to make them permanent.
generic-
Disable TCP timestamp responses on Linux
Set the value of net.ipv4.
sysctl -w net.ipv4.
Additionally, put the following value in the default sysctl configuration file, generally sysctl.conf:
net.ipv4.
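An added example, not part of the original report: a POSIX shell check that compares a hardening baseline against both the persistent sysctl.conf and the live kernel values, so a setting applied with `sysctl -w` but never saved is flagged before a reboot silently reverts it. The report's key names are truncated, so the two keys in the sample (`net.ipv4.tcp_timestamps`, `net.ipv4.conf.all.accept_redirects`) are assumed stand-ins for the TCP timestamp and ICMP redirect items; the function names and sample files are constructed for illustration.

```shell
# Added example. Usage: audit_sysctl BASELINE CONF [PROC_ROOT]
# BASELINE and CONF use sysctl.conf syntax; PROC_ROOT defaults to /proc/sys.

# Last value assigned to key $1 in file $2 (a later line overrides an earlier one).
conf_value() {
    awk -v k="$1" '
        /^[ \t]*[#;]/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key) }
        key == k { val = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1 }
        END { if (found) print val }' "$2"
}
# Live kernel value for key $1: dots in the key map to directories under $2.
runtime_value() {
    f="$2/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; fi
}
# One status line per baseline key; returns 0 only if every key is OK.
audit_sysctl() {
    baseline=$1; conf=$2; proc_root=${3:-/proc/sys}; rc=0
    while IFS= read -r line; do
        case $line in ''|'#'*|';'*) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(conf_value "$key" "$baseline")
        saved=$(conf_value "$key" "$conf")
        live=$(runtime_value "$key" "$proc_root")
        if [ -z "$live" ]; then state=MISSING                   # key absent on this kernel
        elif [ "$live" != "$want" ]; then state=RUNTIME_DRIFT   # kernel disagrees with baseline
        elif [ "$saved" != "$want" ]; then state=NOT_PERSISTED  # correct now, lost at reboot
        else state=OK; fi
        [ "$state" = OK ] || rc=1
        echo "$state $key want=$want live=$live saved=${saved:-unset}"
    done < "$baseline"
    return $rc
}
# Constructed sample: a fake /proc/sys tree, a baseline and a sysctl.conf.
# The key names are assumptions, not taken from the report.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/proc/net/ipv4/conf/all"
    echo 0 > "$d/proc/net/ipv4/tcp_timestamps"   # live value is 0 but not saved below
    echo 1 > "$d/proc/net/ipv4/conf/all/accept_redirects"
    printf '%s\n' 'net.ipv4.tcp_timestamps = 0' \
        'net.ipv4.conf.all.accept_redirects = 0' > "$d/baseline.conf"
    printf '%s\n' '# constructed' 'net.ipv4.conf.all.accept_redirects=1' \
        'net.ipv4.conf.all.accept_redirects = 0' > "$d/sysctl.conf"
    echo "$d"
}

d=$(make_sample); audit_sysctl "$d/baseline.conf" "$d/sysctl.conf" "$d/proc" || true
rm -rf "$d"
```

On a real node, call `audit_sysctl baseline.conf /etc/sysctl.conf` with no third argument to read the live values from /proc/sys.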
Changed in mos:
milestone: 9.2 → 9.3
Changed in mos:
status: Triaged → Won't Fix
Won't Fix for 8.0 as MUs for 8.0 are postponed. Confirmed for 9.2 and 10.