SCA result failed, but should pass

Jay

unread,

May 9, 2022, 3:45:41 PM5/9/22

to Wazuh mailing list

Hi,

I've got Wazuh deployed to a bunch of RHEL 8 servers. In the SCA, I'm showing failures for the following:

5075 - Ensure packet redirect sending is disabled

5076 - Ensure source routed packets are not accepted

5077 - Ensure ICMP redirects are not accepted

5078 - Ensure secure ICMP redirects are not accepted

5079 - Ensure suspicious packets are logged

But I've implemented these sysctl changes and have manually verified the checks, they are in place and should pass.

How can I further troubleshoot exactly what the SCA rule is failing on?''

Thanks,

J

Jay

unread,

May 9, 2022, 5:46:24 PM5/9/22

to Wazuh mailing list

I moved the modifications to /etc/sysctl.conf from /etc/sysctl.d/custom.conf and it worked. So, the check is not accurate as it mentions it checks in /etc/sysctl.d/* as well.

J

Jose Antonio Izquierdo

unread,

May 10, 2022, 12:58:09 AM5/10/22

to Wazuh mailing list

Hi Jay,

We will review the controls. To track the review and solution, we did open this issue - https://github.com/wazuh/wazuh/issues/13417. Feel free to comment there any other findings you may have about this RHEL8 SCA.

Thanks a lot.

Jose.

Jay

unread,

May 10, 2022, 10:21:02 AM5/10/22

to Wazuh mailing list

Thank you. I have added to the discussion there.

J

Reply all

Reply to author

Forward