| Dmitry Teselkin | cc7263a | 2018-08-15 14:55:50 +0300 | [diff] [blame] | 1 | # CIS 3.3.3 Ensure IPv6 is disabled |
| 2 | # |
| 3 | # Description |
| 4 | # =========== |
| 5 | # Although IPv6 has many advantages over IPv4, few organizations have |
| 6 | # implemented IPv6. |
| 7 | # |
| 8 | # Rationale |
| 9 | # ========= |
| 10 | # If IPv6 is not to be used, it is recommended that it be disabled to |
| 11 | # reduce the attack surface of the system. |
| 12 | # |
| 13 | # Audit |
| 14 | # ====== |
| 15 | # Run the following command and verify that each linux line has |
| 16 | # the 'ipv6.disable=1' parameter set: |
| 17 | # |
| 18 | # # grep "^\s*linux" /boot/grub/grub.cfg |
| 19 | # |
| 20 | # Remediation |
| 21 | # =========== |
| 22 | # Edit /etc/default/grub and add 'ipv6.disable=1' to GRUB_CMDLINE_LINUX: |
| 23 | # |
| 24 | # GRUB_CMDLINE_LINUX="ipv6.disable=1" |
| 25 | # |
| 26 | # Run the following command to update the grub2 configuration: |
| 27 | # |
| 28 | # # update-grub |
| 29 | # |
| 30 | parameters: |
| 31 | linux: |
| 32 | system: |
| 33 | kernel: |
| 34 | boot_options: |
| 35 | - ipv6.disable=1 |