metadata/service/system/cis/cis-3-3-3.yml - salt-formulas/linux - Gitiles

 # CIS 3.3.3 Ensure IPv6 is disabled
 #
 # Description
 # ===========
 # Although IPv6 has many advantages over IPv4, few organizations have
 # implemented IPv6.
 #
 # Rationale
 # =========
 # If IPv6 is not to be used, it is recommended that it be disabled to
 # reduce the attack surface of the system.
 #
 # Audit
 # ======
 # Run the following command and verify that each linux line has
 # the 'ipv6.disable=1' parameter set:
 #
 #   # grep "^\s*linux" /boot/grub/grub.cfg
 #
 # Remediation
 # ===========
 # Edit /etc/default/grub and add 'ipv6.disable=1' to GRUB_CMDLINE_LINUX:
 #
 #   GRUB_CMDLINE_LINUX="ipv6.disable=1"
 #
 # Run the following command to update the grub2 configuration:
 #
 #   # update-grub
 #
 parameters:
   linux:
     system:
       kernel:
         boot_options:
           - ipv6.disable=1
	# CIS 3.3.3 Ensure IPv6 is disabled
	#
	# Description
	# ===========
	# Although IPv6 has many advantages over IPv4, few organizations have
	# implemented IPv6.
	#
	# Rationale
	# =========
	# If IPv6 is not to be used, it is recommended that it be disabled to
	# reduce the attack surface of the system.
	#
	# Audit
	# ======
	# Run the following command and verify that each linux line has
	# the 'ipv6.disable=1' parameter set:
	#
	# # grep "^\s*linux" /boot/grub/grub.cfg
	#
	# Remediation
	# ===========
	# Edit /etc/default/grub and add 'ipv6.disable=1' to GRUB_CMDLINE_LINUX:
	#
	# GRUB_CMDLINE_LINUX="ipv6.disable=1"
	#
	# Run the following command to update the grub2 configuration:
	#
	# # update-grub
	#
	parameters:
	linux:
	system:
	kernel:
	boot_options:
	- ipv6.disable=1