瀏覽代碼

CIS 3.3.3 Ensure IPv6 is disabled

Related-Prod: PROD-20755

Change-Id: I44cc3bdb4a0436ff17f790a828d03697b89d3520
pull/165/head
Dmitry Teselkin 6 年之前
父節點
當前提交
cc7263a275
共有 2 個檔案被更改,包括 37 行新增0 行删除
  1. +35
    -0
      metadata/service/system/cis/cis-3-3-3.yml
  2. +2
    -0
      metadata/service/system/cis/init.yml

+ 35
- 0
metadata/service/system/cis/cis-3-3-3.yml 查看文件

@@ -0,0 +1,35 @@
# CIS 3.3.3 Ensure IPv6 is disabled
#
# Description
# ===========
# Although IPv6 has many advantages over IPv4, few organizations have
# implemented IPv6.
#
# Rationale
# =========
# If IPv6 is not to be used, it is recommended that it be disabled to
# reduce the attack surface of the system.
#
# Audit
# ======
# Run the following command and verify that each linux line has
# the 'ipv6.disable=1' parameter set:
#
# # grep "^\s*linux" /boot/grub/grub.cfg
#
# Remediation
# ===========
# Edit /etc/default/grub and add 'ipv6.disable=1' to GRUB_CMDLINE_LINUX:
#
# GRUB_CMDLINE_LINUX="ipv6.disable=1"
#
# Run the following command to update the grub2 configuration:
#
# # update-grub
#
parameters:
linux:
system:
kernel:
boot_options:
- ipv6.disable=1

+ 2
- 0
metadata/service/system/cis/init.yml 查看文件

@@ -0,0 +1,2 @@
classes:
- service.linux.system.cis.cis-3-3-3

Loading…
取消
儲存