{"description": "To set the runtime status of the net.ipv4.ip_local_port_range kernel parameter, run the following command: $ sudo sysctl -w net.ipv4.ip_local_port_range=32768 65535
\nTo make sure that the setting is persistent, add the following line to a file in the directory /etc/sysctl.d: net.ipv4.ip_local_port_range = 32768 65535
", "rationale": "This setting defines the local port range that is used by TCP and UDP to\nchoose the local port. The first number is the first, the second the last\nlocal port number.", "severity": "medium", "references": {"anssi": ["R12"]}, "control_references": {"anssi": ["R12"]}, "components": [], "identifiers": {}, "ocil_clause": "the correct value is not returned", "ocil": "The runtime status of the net.ipv4.ip_local_port_range kernel parameter can be queried\nby running the following command:\n$ sysctl net.ipv4.ip_local_port_range
\n32768 65535.\n", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "sysctl_net_ipv4_ip_local_port_range.sh", "relative_path": "ubuntu2204/checks/sce/sysctl_net_ipv4_ip_local_port_range.sh"}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Set Kernel Parameter to Increase Local Port Range", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml", "template": {"name": "sysctl", "vars": {"sysctlvar": "net.ipv4.ip_local_port_range", "datatype": "string", "sysctlval": "32768 65535", "operation": "pattern match", "sysctlval_regex": "32768\\s*65535"}, "backends": {}}}