RHEL8-STIG
RHEL-08-040259: Shall not enable IPv4 Forwarding | Update configuration to latest baseline
Describe the Issue
Currently this control is applied via a templated 99-sysctl.conf in a handler and is missing the latest configuration required by the STIG.
Expected Behavior
Template should include the following for RHEL-08-040259:
net.ipv4.conf.all.forwarding = 0
Actual Behavior
Currently, only the net.ipv4.ip_forward = 0 is applied.
Control(s) Affected
RHEL-08-040259
Additional Notes
Source: https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2022-06-15/finding/V-250317
Possible Solution
Adjust 99-sysctl.conf.j2 to include the key in the section for RHEL-08-040259.
Edit 1: Revised based on newest baseline and comment from below.
I think you linked an outdated source dated 2021-12-03, the latest release is 2022-06-15.
https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2022-06-15/finding/V-250317
However, the change on 99-sysctl.conf.j2 should be just:
{% if rhel_08_040259 and not rhel8stig_system_is_router %}
# RHEL-08-040259
net.ipv4.conf.all.forwarding = 0
{% endif %}
The net.ipv4.ip_forward = 0 is not in the most recent benchmark.
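A check for the gap discussed above, added here as an example and not taken from the RHEL8-STIG role or this thread: it reads sysctl drop-in files and reports the value that net.ipv4.conf.all.forwarding ends up with, so a template that only sets net.ipv4.ip_forward, or a later file that overrides the template, shows up as a failure. It assumes a single directory of *.conf files read in lexical order with the last assignment winning; the file name 99-zz-local.conf and the sample contents are constructed.

```sh
#!/bin/sh
# Added example, not code from the RHEL8-STIG role.
# Simplification: one directory of drop-ins, read in lexical order, last assignment wins.

# effective_sysctl DIR KEY: print the last value assigned to KEY, if any.
effective_sysctl() (
    LC_ALL=C; export LC_ALL
    set -- "$2" "$1"/*.conf
    key=$1; shift
    [ -e "$1" ] || exit 0                 # no drop-in files
    awk -F= -v key="$key" '
        /^[ \t]*[#;]/ { next }            # comment line
        NF < 2        { next }            # not a key = value line
        {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$@"
)

# check_forwarding DIR: status 0 only when the effective value is 0.
check_forwarding() (
    val=$(effective_sysctl "$1" net.ipv4.conf.all.forwarding)
    if [ "$val" = "0" ]; then
        echo "PASS: net.ipv4.conf.all.forwarding = 0"
        exit 0
    fi
    echo "FAIL: net.ipv4.conf.all.forwarding is ${val:-unset}"
    exit 1
)

# Constructed sample files; 99-zz-local.conf is a hypothetical later drop-in.
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    printf 'net.ipv4.ip_forward = 0\n' > "$d/99-sysctl.conf"
    check_forwarding "$d" || :            # old template: key unset
    printf 'net.ipv4.conf.all.forwarding = 0\n' >> "$d/99-sysctl.conf"
    check_forwarding "$d" || :            # updated template
    printf 'net.ipv4.conf.all.forwarding=1\n' > "$d/99-zz-local.conf"
    check_forwarding "$d" || :            # later file overrides the template
)
demo
```

On a live host the same comparison can be made against the running kernel with `sysctl -n net.ipv4.conf.all.forwarding`.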
Gotcha, sorry I missed that. I've updated my original issue text and the title accordingly :)
No worries, I'm in the middle of applying this to my environment and noticed a few items as well. I feel pretty comfortable with STIG'ing and this is just a new one that I'm tackling. @uk-bolly I will take this issue for action.
Hi @Rwarcards762
Thanks again for all your work on this.
uk-bolly
This issue is fixed in release 2.6.0, thank you for opening the issue!
-George