浏览代码
CIS 3.3.3 Ensure IPv6 is disabled
Related-Prod: PROD-20755 Change-Id: I44cc3bdb4a0436ff17f790a828d03697b89d3520pull/165/head
Dmitry Teselkin
6 年前
+ 35
- 0
metadata/service/system/cis/cis-3-3-3.yml
查看文件
| @@ -0,0 +1,35 @@ | |||
| # CIS 3.3.3 Ensure IPv6 is disabled | |||
| # | |||
| # Description | |||
| # =========== | |||
| # Although IPv6 has many advantages over IPv4, few organizations have | |||
| # implemented IPv6. | |||
| # | |||
| # Rationale | |||
| # ========= | |||
| # If IPv6 is not to be used, it is recommended that it be disabled to | |||
| # reduce the attack surface of the system. | |||
| # | |||
| # Audit | |||
| # ====== | |||
| # Run the following command and verify that each linux line has | |||
| # the 'ipv6.disable=1' parameter set: | |||
| # | |||
| # # grep "^\s*linux" /boot/grub/grub.cfg | |||
| # | |||
| # Remediation | |||
| # =========== | |||
| # Edit /etc/default/grub and add 'ipv6.disable=1' to GRUB_CMDLINE_LINUX: | |||
| # | |||
| # GRUB_CMDLINE_LINUX="ipv6.disable=1" | |||
| # | |||
| # Run the following command to update the grub2 configuration: | |||
| # | |||
| # # update-grub | |||
| # | |||
| parameters: | |||
| linux: | |||
| system: | |||
| kernel: | |||
| boot_options: | |||
| - ipv6.disable=1 | |||
+ 2
- 0
metadata/service/system/cis/init.yml
查看文件
| @@ -0,0 +1,2 @@ | |||
| classes: | |||
| - service.linux.system.cis.cis-3-3-3 | |||
正在加载...