[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116564

 
 

909

 
 

91325

 
 

141

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-92054-6

Platform: Amazon LinuxDate: (C)2018-10-29   (M)2018-11-30



Disable Accepting IPv6 Redirects This setting prevents the system from accepting ICMP redirects. ICMP redirects tell the system about alternate routes for sending traffic.


Parameter:


Technical Mechanism: To set the runtime status of the 'net.ipv6.conf.default.accept_redirects' kernel parameter, run the following command: An illicit ICMP redirect message could result in a man-in-the-middle attack. Fix: # # Set runtime for net.ipv6.conf.default.accept_redirects # sysctl -q -n -w net.ipv6.conf.default.accept_redirects=0 # # If net.ipv6.conf.default.accept_redirects present in /etc/sysctl.conf, change value to "0" # else, add "net.ipv6.conf.default.accept_redirects = 0" to /etc/sysctl.conf # if grep --silent ^net.ipv6.conf.default.accept_redirects /etc/sysctl.conf ; then sed -i 's/^net.ipv6.conf.default.accept_redirects.*/net.ipv6.conf.default.accept_redirects = 0/g' /etc/sysctl.conf else echo "" >> /etc/sysctl.conf echo "# Set net.ipv6.conf.default.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf echo "net.ipv6.conf.default.accept_redirects = 0" >> /etc/sysctl.conf fi

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:48241


OVAL    2
oval:org.secpod.oval:def:48241
oval:org.secpod.oval:def:48988
XCCDF    2
xccdf_org.secpod_benchmark_general_Amazon_Linux_AMI
xccdf_org.secpod_benchmark_general_Amazon_Linux_2

© SecPod Technologies