[Forgot Password]
Login  Register Subscribe

24547

 
 

132176

 
 

122448

 
 

909

 
 

100914

 
 

148

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-92053-8

Platform: Amazon LinuxDate: (C)2018-10-29   (M)2019-05-03



Disable Accepting IPv6 Router Advertisements To set the runtime status of the 'net.ipv6.conf.default.accept_ra' kernel parameter, run the following command:


Parameter:


Technical Mechanism: An illicit router advertisement message could result in a man-in-the-middle attack. Fix: # # Set runtime for net.ipv6.conf.default.accept_ra # sysctl -q -n -w net.ipv6.conf.default.accept_ra=0 # # If net.ipv6.conf.default.accept_ra present in /etc/sysctl.conf, change value to "0" # else, add "net.ipv6.conf.default.accept_ra = 0" to /etc/sysctl.conf # if grep --silent ^net.ipv6.conf.default.accept_ra /etc/sysctl.conf ; then sed -i 's/^net.ipv6.conf.default.accept_ra.*/net.ipv6.conf.default.accept_ra = 0/g' /etc/sysctl.conf else echo "" >> /etc/sysctl.conf echo "# Set net.ipv6.conf.default.accept_ra to 0 per security requirements" >> /etc/sysctl.conf echo "net.ipv6.conf.default.accept_ra = 0" >> /etc/sysctl.conf fi

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:48240


OVAL    2
oval:org.secpod.oval:def:48240
oval:org.secpod.oval:def:48997
XCCDF    2
xccdf_org.secpod_benchmark_general_Amazon_Linux_AMI
xccdf_org.secpod_benchmark_general_Amazon_Linux_2

© SecPod Technologies