>From 8ce551b3501f158897a22930d7afe166462ec65f Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Thu, 17 Apr 2014 22:39:00 -0400 Subject: [PATCH 14/15] Adding sysctl_net_ipv6_conf_all_accept_ra XCCDF
Per C2S requirements
---
 RHEL/6/input/system/network/ipv6.xml | 18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/RHEL/6/input/system/network/ipv6.xml b/RHEL/6/input/system/network/ipv6.xml
index 22f496e..626f8e5 100644
--- a/RHEL/6/input/system/network/ipv6.xml
+++ b/RHEL/6/input/system/network/ipv6.xml
@@ -123,7 +123,7 @@ operator="equals" interactive="0">
 </Value>
 
 <Rule id="sysctl_net_ipv6_conf_default_accept_ra">
-<title>Disable Accepting IPv6 Router Advertisements</title>
+<title>Disable Default Acceptance of IPv6 Router Advertisements</title>
 <description>
 <sysctl-desc-macro sysctl="net.ipv6.conf.default.accept_ra" value="0" />
 </description>
@@ -138,6 +138,22 @@ An illicit router advertisement message could result in a man-in-the-middle atta
 <ref nist="CM-7" />
 </Rule>
 
+<Rule id="sysctl_net_ipv6_conf_all_accept_ra">
+<title>Disable All Acceptance of IPv6 Router Advertisements</title>
+<description>
+<sysctl-desc-macro sysctl="net.ipv6.conf.all.accept_ra" value="0" />
+</description>
+<ocil>
+<sysctl-check-macro sysctl="net.ipv6.conf.all.accept_ra" value="0" />
+</ocil>
+<rational>
+An illicit router advertizement message could result in a man-in-the-middle attack.
+</rationale>
+<ident cce="" />
+<oval id="sysctl_net_ipv6_conf_all_accept_ra" value="0" />
+<ref nist="CM-7" />
+</Rule>
+
 <Rule id="sysctl_ipv6_default_accept_redirects" severity="medium">
 <title>Disable Accepting IPv6 Redirects</title>
 <description>
-- 
1.7.1
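Review bot: In the second hunk the new rule `sysctl_net_ipv6_conf_all_accept_ra` opens its rationale with `<rational>` but closes it with `</rationale>`, so ipv6.xml is no longer well-formed and any XML parser in the build should reject it; the opening tag needs to be `<rationale>`. The rationale text also spells "advertizement", where the existing rule quoted in the hunk header uses "advertisement". `<ident cce="" />` ships an empty identifier; if no CCE has been assigned yet, a short comment such as `<!-- CCE not yet assigned -->` would make that explicit for whoever maps the rule later. It is also worth confirming that writing `net.ipv6.conf.all.accept_ra` actually changes interfaces that are already up, since the kernel's handling of `all` differs between settings, and saying in the description that this rule complements the `default` one rather than replacing it.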
