000033105 - How to disable Ping Internet Control Message Protocol (ICMP) reply on RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 23, 2018
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000033105
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
IssueThis article explains how to disable ping on RSA Authentication Manager.
Resolution
  1. Connect to the Authentication Manager server via SSH or a direct connection.
  2. Login as rsaadmin.
  3. Change to the root user

sudo su

  1. When prompted, enter the rsaadmin password.
  2. Open /etc/sysctl.conf in a text editor:

vi /etc/sysctl.conf

  1. Add the following line (net.ipv4.icmp_echo_ignore_all = 1), shown in bold below the line for net.ipv4.conf.all.promote_secondaries = 1:

# # Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
# enable ipV6 forwarding
#net.ipv6.conf.all.forwarding = 1
# increase the number of possible inotify(7) watches
fs.inotify.max_user_watches = 65536
# avoid deleting secondary IPs on deleting the primary IP
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.icmp_echo_ignore_all = 1
kernel.shmmax-4195561472
kernel.shmall-1024307

  1. Press [ESC[ and save and close the file:

:wq!

  1. Edits to /etc/sysctl.conf will take affect immediately by running sysctl -p, and on reboot of the Autehntication Manager server.

sysctl -p sysctl.conf

Attachments

    Outcomes