3c19f00a7f
This patch adds the right tags to each piece of metadata and corrects small errors found in the deployer notes. Closes-bug: 1595669 Change-Id: Ic04aaad85ebf111be5a0bdb01a350442fdea1433
452 B
452 B
---id: V-38526 status: opt-in tag: kernel ---
The STIG requires that secure ICMP redirects are disabled, but this can cause issues in some virtualized or containerized environments. The Ansible tasks in the security role will not disable these redirects by default.
Deployers who want to enable the task (and disable ICMP redirects), should set the following Ansible variable:
security_disable_icmpv4_redirects_secure: yes