[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116564

 
 

909

 
 

91325

 
 

141

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-92053-8

Platform: Amazon LinuxDate: (C)2018-10-29   (M)2018-11-30



Disable Accepting IPv6 Router Advertisements To set the runtime status of the 'net.ipv6.conf.default.accept_ra' kernel parameter, run the following command:


Parameter:


Technical Mechanism: An illicit router advertisement message could result in a man-in-the-middle attack. Fix: # # Set runtime for net.ipv6.conf.default.accept_ra # sysctl -q -n -w net.ipv6.conf.default.accept_ra=0 # # If net.ipv6.conf.default.accept_ra present in /etc/sysctl.conf, change value to "0" # else, add "net.ipv6.conf.default.accept_ra = 0" to /etc/sysctl.conf # if grep --silent ^net.ipv6.conf.default.accept_ra /etc/sysctl.conf ; then sed -i 's/^net.ipv6.conf.default.accept_ra.*/net.ipv6.conf.default.accept_ra = 0/g' /etc/sysctl.conf else echo "" >> /etc/sysctl.conf echo "# Set net.ipv6.conf.default.accept_ra to 0 per security requirements" >> /etc/sysctl.conf echo "net.ipv6.conf.default.accept_ra = 0" >> /etc/sysctl.conf fi

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:48240


OVAL    2
oval:org.secpod.oval:def:48240
oval:org.secpod.oval:def:48997
XCCDF    2
xccdf_org.secpod_benchmark_general_Amazon_Linux_AMI
xccdf_org.secpod_benchmark_general_Amazon_Linux_2

© SecPod Technologies