Morning again,

While working a bit more on the sysctl issue with net.ipv4.ip_forward and net.ipv4.conf.all.accept_redirects, I found another interesting tidbit. My boxes are stock installs, which include the libvirtd service as an enabled service. I noticed that my /etc/sysctl.conf file explicitly had 'net.ipv4.ip_forward = 0', but the output of 'sysctl net.ipv4.ip_forward' shows a running value of '1'. This makes sense, as libvirtd, I believe, needs to be able to forward packets potentially between any virtual NICs on the system.

My question: is there a STIG that requires this service to be disabled or not installed? If not, then RHEL-06-000082 will never be satisfied. Bear in mind, I'm still working from the published RHEL6 STIG, not the SSG document at this time.

-Rob
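
As an added example (not part of the original post): a POSIX shell function that compares each key in a sysctl.conf-style file with the running value under /proc/sys, which surfaces the kind of configured-versus-running mismatch described above. The function names, the optional proc-root argument and the sample data in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sysctl keys whose running value differs from the file.
# Usage: sysctl_drift [conf_file] [proc_sys_root]
# proc_sys_root (an assumption of this example) defaults to /proc/sys and is
# overridable only so the check can run against a constructed tree.
sysctl_drift() {
    conf=${1:-/etc/sysctl.conf}
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                     # key = value, handled below
            *) continue ;;              # anything else is ignored
        esac
        key=$(printf '%s\n' "${line%%=*}" | sed 's/[[:space:]]*$//')
        want=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]][[:space:]]*/ /g')
        # sysctl keys map to paths under /proc/sys with dots as slashes.
        path=$root/$(printf '%s\n' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            printf 'UNREADABLE %s\n' "$key"; rc=1; continue
        fi
        have=$(sed 's/[[:space:]][[:space:]]*/ /g; s/ $//' < "$path")
        if [ "$have" != "$want" ]; then
            printf 'DRIFT %s configured=%s running=%s\n' "$key" "$want" "$have"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sample: the file sets ip_forward to 0 while the fake /proc/sys
# tree reports 1, mirroring the mismatch in the post.
sysctl_drift_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4/conf/all"
    printf '1\n' > "$d/proc/net/ipv4/ip_forward"
    printf '0\n' > "$d/proc/net/ipv4/conf/all/accept_redirects"
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
        'net.ipv4.conf.all.accept_redirects = 0' > "$d/sysctl.conf"
    sysctl_drift "$d/sysctl.conf" "$d/proc" || true
    rm -rf "$d"
}

sysctl_drift_demo
```

With no arguments the function checks /etc/sysctl.conf against /proc/sys and returns non-zero on any mismatch; files under /etc/sysctl.d are not read by this example.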
