The /etc/gshadow file should be owned by the appropriate user.

This guide presents a catalog of security-relevant configuration settings for Amazon Linux 2 formatted in the eXtensible Configuration Checklist Description Format (XCCDF).

Disable Interface Usage of IPv6

To disable interface usage of IPv6, add or correct the following lines in '/etc/sysconfig/network':
NETWORKING_IPV6=no
IPV6INIT=no

Disable Support for RPC IPv6

RPC services for NFSv4 try to load transport modules for 'udp6' and 'tcp6' by default, even if IPv6 has been disabled in '/etc/modprobe.d'. To prevent RPC services such as 'rpc.mountd' from attempting to start IPv6 network listeners, remove or comment out the following two lines in '/etc/netconfig':
udp6 tpi_clts v inet6 udp - -
tcp6 ...

Disable Accepting IPv6 Router Advertisements

To set the runtime status of the 'net.ipv6.conf.default.accept_ra' kernel parameter, run the following command:

Disable Accepting IPv6 Redirects

This setting prevents the system from accepting ICMP redirects. ICMP redirects tell the system about alternate routes for sending traffic.

Manually Assign Global IPv6 Address

To manually assign an IP address for an interface, edit the file '/etc/sysconfig/network-scripts/ifcfg-interface'. Add or correct the following line (substituting the correct IPv6 address):
'IPV6ADDR=2001:0DB8::ABCD/64'
Manually assigning an IP address is preferable to accepting one from routers or otherwise from the network. The example address here is an IPv6 ...

Use Privacy Extensions for Address

To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in '/etc/sysconfig/network-scripts/ifcfg-interface':
'IPV6_PRIVACY=rfc3041'
Automatically-generated IPv6 addresses are based on the underlying hardware (e.g. Ethernet) address, and so it becomes possible to track a piece of hardware over its lifetime using ...

Manually Assign IPv6 Router Address

Edit the file '/etc/sysconfig/network-scripts/ifcfg-interface', and add or correct the following line (substituting your gateway IP as appropriate):
'IPV6_DEFAULTGW=2001:0DB8::0001'
Router addresses should be manually set and not accepted via any auto-configuration or router advertisement.

Set Default ip6tables Policy for Incoming Packets

To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, add or correct the following line in '/etc/sysconfig/ip6tables':
':INPUT DROP [0:0]'
If changes were required, reload the ip6tables rules:
'$ sudo service ip6tables reload'
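The IPv6 rules above each describe a setting in a specific file ('/etc/sysconfig/network', '/etc/netconfig', the sysctl configuration, 'ifcfg-interface', '/etc/sysconfig/ip6tables'). The following script is an added audit example, not part of the SSG guide or its OVAL checks: each function takes the path of one such file and returns 0 only when the file matches the recommended setting, so the checks can be run against copies of the files offline. The sample files written by 'demo' are constructed here for illustration; the function names and the sysctl-file format (a 'key = value' line as in '/etc/sysctl.conf') are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the SSG/XCCDF guide): offline audit of the IPv6
# settings described above. Each check reads a config file passed as $1 and
# returns 0 when the file matches the recommended setting, 1 otherwise.
# The demo at the bottom runs the checks against constructed sample files.

# Value of KEY=value in a sysconfig-style file (last definition wins, quotes
# and trailing comments stripped); empty output if the key is absent.
sysconfig_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        tr -d "'\"" | sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//'
}

# Value of "key = value" in a sysctl.conf-style file (assumed format).
sysctl_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//'
}

# /etc/sysconfig/network: NETWORKING_IPV6=no and IPV6INIT=no
check_ipv6_disabled() {
    [ "$(sysconfig_value "$1" NETWORKING_IPV6)" = no ] &&
    [ "$(sysconfig_value "$1" IPV6INIT)" = no ]
}

# /etc/netconfig: no active (uncommented) udp6/tcp6 transport entries remain
check_netconfig_no_ipv6() {
    ! grep -Eq '^[[:space:]]*(udp6|tcp6)[[:space:]]' "$1"
}

# sysctl file: accept_ra and accept_redirects both 0 for the default interface
check_sysctl_no_ra_redirects() {
    [ "$(sysctl_value "$1" net.ipv6.conf.default.accept_ra)" = 0 ] &&
    [ "$(sysctl_value "$1" net.ipv6.conf.default.accept_redirects)" = 0 ]
}

# ifcfg-<interface>: static address, static gateway, privacy extensions on
check_ifcfg_static() {
    [ -n "$(sysconfig_value "$1" IPV6ADDR)" ] &&
    [ -n "$(sysconfig_value "$1" IPV6_DEFAULTGW)" ] &&
    [ "$(sysconfig_value "$1" IPV6_PRIVACY)" = rfc3041 ]
}

# /etc/sysconfig/ip6tables: built-in INPUT chain defaults to DROP
check_ip6tables_input_drop() {
    grep -Eq '^:INPUT[[:space:]]+DROP[[:space:]]*\[' "$1"
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample files: a compliant (.ok) and a non-compliant (.bad) set.
    printf 'NETWORKING=yes\nNETWORKING_IPV6=no\nIPV6INIT=no\n' > "$tmp/network.ok"
    printf 'NETWORKING=yes\nNETWORKING_IPV6=yes\n' > "$tmp/network.bad"
    printf '#udp6 tpi_clts v inet6 udp - -\nudp tpi_clts v inet udp - -\n' > "$tmp/netconfig.ok"
    printf 'udp6 tpi_clts v inet6 udp - -\ntcp6 tpi_cots_ord v inet6 tcp - -\n' > "$tmp/netconfig.bad"
    printf 'net.ipv6.conf.default.accept_ra = 0\nnet.ipv6.conf.default.accept_redirects = 0\n' > "$tmp/sysctl.ok"
    printf 'net.ipv6.conf.default.accept_ra = 1\n' > "$tmp/sysctl.bad"
    printf 'IPV6ADDR=2001:0DB8::ABCD/64\nIPV6_DEFAULTGW=2001:0DB8::0001\nIPV6_PRIVACY=rfc3041\n' > "$tmp/ifcfg.ok"
    printf 'IPV6_AUTOCONF=yes\n' > "$tmp/ifcfg.bad"
    printf '*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n' > "$tmp/ip6tables.ok"
    printf '*filter\n:INPUT ACCEPT [0:0]\nCOMMIT\n' > "$tmp/ip6tables.bad"

    for pair in "check_ipv6_disabled network" "check_netconfig_no_ipv6 netconfig" \
                "check_sysctl_no_ra_redirects sysctl" "check_ifcfg_static ifcfg" \
                "check_ip6tables_input_drop ip6tables"; do
        set -- $pair
        for variant in ok bad; do
            if "$1" "$tmp/$2.$variant"; then r=PASS; else r=FAIL; fi
            printf '%-30s %-15s %s\n' "$1" "$2.$variant" "$r"
        done
    done
    rm -rf "$tmp"
}

demo
```

Run on a real host by pointing each check at the live file (for example 'check_ip6tables_input_drop /etc/sysconfig/ip6tables'); the checks only read the files, so they are safe to run from a non-privileged audit account that has read access to them. Note that they verify the persisted configuration, not the running kernel state, so a runtime 'sysctl' change or an unreloaded rule file is not detected.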

