[Forgot Password]
Login  Register Subscribe

24547

 
 

132176

 
 

122448

 
 

909

 
 

100878

 
 

148

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-92054-6

Platform: Amazon LinuxDate: (C)2018-10-29   (M)2019-05-03



Disable Accepting IPv6 Redirects This setting prevents the system from accepting ICMP redirects. ICMP redirects tell the system about alternate routes for sending traffic.


Parameter:


Technical Mechanism: To set the runtime status of the 'net.ipv6.conf.default.accept_redirects' kernel parameter, run the following command: An illicit ICMP redirect message could result in a man-in-the-middle attack. Fix: # # Set runtime for net.ipv6.conf.default.accept_redirects # sysctl -q -n -w net.ipv6.conf.default.accept_redirects=0 # # If net.ipv6.conf.default.accept_redirects present in /etc/sysctl.conf, change value to "0" # else, add "net.ipv6.conf.default.accept_redirects = 0" to /etc/sysctl.conf # if grep --silent ^net.ipv6.conf.default.accept_redirects /etc/sysctl.conf ; then sed -i 's/^net.ipv6.conf.default.accept_redirects.*/net.ipv6.conf.default.accept_redirects = 0/g' /etc/sysctl.conf else echo "" >> /etc/sysctl.conf echo "# Set net.ipv6.conf.default.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf echo "net.ipv6.conf.default.accept_redirects = 0" >> /etc/sysctl.conf fi

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:48241


OVAL    2
oval:org.secpod.oval:def:48241
oval:org.secpod.oval:def:48988
XCCDF    2
xccdf_org.secpod_benchmark_general_Amazon_Linux_AMI
xccdf_org.secpod_benchmark_general_Amazon_Linux_2

© SecPod Technologies