I use Lynis to audit my CentOS 7 server's security and I got a complaint:

! Found promiscuous interface [NETW-3015] - Details : eth0 - Solution : Determine if this mode is required or whitelist interface in profile https://cisofy.com/lynis/controls/NETW-3015/

How do I completely disable the promiscuous mode?

Edit 1 (I found a better way to check promiscuous mode; look at Edit 2):

I checked the promiscuous mode using the following command:

sudo ip link show eth0

The output that appeared doesn't show any promiscuous mode enabled:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000

============================================

Edit 2:

When using this command:

ip -details addr

I can see the output showing promiscuity 1 (which means it is enabled):

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    link/ether 64:00:6a:73:bf:b5 brd ff:ff:ff:ff:ff:ff promiscuity 1
    openvswitch_slave

How do I completely disable promiscuous mode in CentOS 7?

ToiletGuy

1 Answer

Ok, finally I found out why. To help others:

I had a startup script that enabled arpwatch to listen on eth0 after rebuilding my VPS from scratch, and this process is the reason promiscuous mode was turned on.

ToiletGuy
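To trace a non-zero promiscuity counter back to a process such as the arpwatch instance in the answer, the sketch below (an added example, not part of the original post or of Lynis) parses `ip -details link` output, picks the packet sockets bound to that interface from `/proc/net/packet`, and maps their inodes to PIDs through `/proc/<pid>/fd`. The function names and both sample inputs are constructed for illustration; it assumes the Linux `/proc` layout.

```python
import os, re
# Constructed sample of `ip -details link` output (not from a real host).
SAMPLE_IP = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 1
"""
# Constructed sample of /proc/net/packet; column 5 is the ifindex, column 9 the socket inode.
SAMPLE_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff880000000001 3      3    0003   2     1 0      0      18927
ffff880000000002 3      2    88cc   3     1 0      0      20111
"""

def promiscuous_ifaces(ip_details):
    """Return {ifindex: (name, promiscuity)} for interfaces whose counter is > 0."""
    found, cur = {}, None
    for line in ip_details.splitlines():
        head = re.match(r"(\d+): ([^:@]+)", line)
        if head:
            cur = (int(head.group(1)), head.group(2))
        count = re.search(r"\bpromiscuity (\d+)", line)
        if cur and count and int(count.group(1)) > 0:
            found[cur[0]] = (cur[1], int(count.group(1)))
    return found

def packet_inodes(proc_net_packet, ifindex):
    """Inodes of packet sockets bound to ifindex; Iface 0 (not bound to one interface) stays a candidate."""
    rows = [l.split() for l in proc_net_packet.splitlines()[1:] if l.strip()]
    return {int(r[8]) for r in rows if int(r[4]) in (ifindex, 0)}

def socket_owners(inodes, proc_root="/proc"):
    """Map each inode to the PIDs holding socket:[inode]; run as root to see other users' fds."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited or permission denied
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and int(m.group(1)) in inodes:
                owners.setdefault(int(m.group(1)), set()).add(int(pid))
    return owners

if __name__ == "__main__":
    for idx, (name, count) in promiscuous_ifaces(SAMPLE_IP).items():
        print(name, "promiscuity", count, "packet socket inodes:", sorted(packet_inodes(SAMPLE_PACKET, idx)))
```

On a live host, feed the first two functions the real `ip -details link` output and the contents of `/proc/net/packet`, then pass the resulting inodes to `socket_owners()` and look up each PID's command line.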