From e6d75ad096f0d9d0069f95d6b01d749972a43d8b Mon Sep 17 00:00:00 2001
From: fred-vogt-dod
Date: Thu, 10 Nov 2022 12:04:53 -0800
Subject: [PATCH] sysctl updates

---
 scripts/cis-benchmark.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/cis-benchmark.sh b/scripts/cis-benchmark.sh
index a86f5f4..df70ecb 100755
--- a/scripts/cis-benchmark.sh
+++ b/scripts/cis-benchmark.sh
@@ -300,8 +300,10 @@ echo "2.2.4 - ensure LDAP client is not installed"
 yum_remove openldap-clients
 
 echo "3.1.1 - ensure IP forwarding is disabled"
-sysctl_entry "net.ipv4.ip_forward = 0"
-sysctl_entry "net.ipv6.conf.all.forwarding = 0"
+# Required for working container networking
+# sysctl_entry "net.ipv4.ip_forward = 0"
+# sysctl_entry "net.ipv4.conf.all.forwarding = 0"
+# sysctl_entry "net.ipv6.conf.all.forwarding = 0"
 
 echo "3.1.2 - ensure packet redirect sending is disabled"
 sysctl_entry "net.ipv4.conf.all.send_redirects = 0"
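Review bot: The `echo "3.1.1 - ensure IP forwarding is disabled"` line still runs although all three `sysctl_entry` calls below it are now commented out, so the build log reports the control as applied while the image ships with forwarding left at whatever the kernel or container runtime sets. Anyone auditing the image against CIS from that output would miss the deviation; the message should state the exception, for example `echo "3.1.1 - SKIPPED: IP forwarding left enabled for container networking (CIS exception)"`. The IPv6 entry is dropped along with the IPv4 ones; if the container network is IPv4-only (not visible from this hunk), `sysctl_entry "net.ipv6.conf.all.forwarding = 0"` could stay active. With forwarding on, the host's FORWARD-chain filtering becomes the compensating control, and the comment should say so rather than just "Required for working container networking".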