Procházet zdrojové kódy

CIS 3.3.3 Ensure IPv6 is disabled

Related-Prod: PROD-20755

Change-Id: I44cc3bdb4a0436ff17f790a828d03697b89d3520
pull/165/head
Dmitry Teselkin před 6 roky
rodič
revize
cc7263a275
2 změnil soubory, kde provedl 37 přidání a 0 odebrání
  1. +35
    -0
      metadata/service/system/cis/cis-3-3-3.yml
  2. +2
    -0
      metadata/service/system/cis/init.yml

+ 35
- 0
metadata/service/system/cis/cis-3-3-3.yml Zobrazit soubor

@@ -0,0 +1,35 @@
# CIS 3.3.3 Ensure IPv6 is disabled
#
# Description
# ===========
# Although IPv6 has many advantages over IPv4, few organizations have
# implemented IPv6.
#
# Rationale
# =========
# If IPv6 is not to be used, it is recommended that it be disabled to
# reduce the attack surface of the system.
#
# Audit
# ======
# Run the following command and verify that each linux line has
# the 'ipv6.disable=1' parameter set:
#
# # grep "^\s*linux" /boot/grub/grub.cfg
#
# Remediation
# ===========
# Edit /etc/default/grub and add 'ipv6.disable=1' to GRUB_CMDLINE_LINUX:
#
# GRUB_CMDLINE_LINUX="ipv6.disable=1"
#
# Run the following command to update the grub2 configuration:
#
# # update-grub
#
parameters:
linux:
system:
kernel:
boot_options:
- ipv6.disable=1

+ 2
- 0
metadata/service/system/cis/init.yml Zobrazit soubor

@@ -0,0 +1,2 @@
classes:
- service.linux.system.cis.cis-3-3-3

Načítá se…
Zrušit
Uložit