> On Wed, 6 Apr 2005 16:00:51 -0300
> "Alexandre Skyrme" <[EMAIL PROTECTED]> wrote:
>
> > Greetings,
> >
> > After installing TSL 3.0 alpha I happened to notice it has IPv6
> > support enabled by default. What would be the proper way to disable
> > it, that is to disable IPv6 support in TSL 3.0 alpha? I looked around
> > in /etc/sysconfig (certainly in /etc/sysconfig/network) but couldn't
> > find any suitable options.
>
> I had no time to try 3.0alpha yet, but if IPv6 is not built as a module
> (== in-kernel, which is good IMHO), you have to rebuild the
> kernel without it.
>
> Maybe there is a way to disable temporary/sitelocal addresses
> via sysctl (just an idea..) Play with
> /proc/sys/net/ipv6/conf/*/[autoconf|use_tempaddr] and kernel
> doc in /usr/src/linux/Documentation/networking/ip-sysctl.txt.
>
> As an alternative you can flush all v6 addresses via:
> $ ip -6 addr flush scope all
>
> But what is the problem with having the IPv6 stack loaded?

Greetings Olaf,

I believe IPv6 support in TSL 3.0 Alpha is indeed built as a module:

[EMAIL PROTECTED] ~$ ls -l /lib/modules/2.6.11.6-1tr/kernel/net/ipv6/ipv6.ko
-rw-r--r-- 1 root root 250298 Mar 30 11:05 /lib/modules/2.6.11.6-1tr/kernel/net/ipv6/ipv6.ko
[EMAIL PROTECTED] ~$ lsmod | grep ipv6
ipv6 212640 -
[EMAIL PROTECTED] ~$

Flushing the IPv6 addresses and playing with sysctl might partially
solve this issue but what I meant to know was if there was a "proper" way of
doing it (i.e., using config files). Wouldn't it be nice to have an option
somewhere in /etc/sysconfig to allow for easy enabling/disabling of IPv6
support?

In fact the problem with leaving it enabled is just that it goes
against the standard security recommendation of disabling/removing everything
that's not effectively needed (packages, services, etc). Besides, if it's
not going to be used anyway, why leave it enabled?

There's a discussion about a similar issue in Fedora Core 1's
bugzilla: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112535.

Regards,
--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2542-6677
www.ciphersec.com.br
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
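
A check for the state discussed in this thread, as an added example that is not part of the original messages: it tells IPv6 loaded as a module apart from IPv6 built into the kernel and lists the addresses still configured, for instance after a flush. The function names are hypothetical, and treating an existing /proc/net/if_inet6 with no ipv6 entry in /proc/modules as "builtin" is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report how the IPv6 stack is present
# and which addresses are configured. Function names are hypothetical; the
# file arguments default to the live /proc files and exist so the functions
# can also be run against saved or constructed copies.

# Prints "module" if ipv6 is listed in /proc/modules, "builtin" if the stack
# exposes /proc/net/if_inet6 without a module entry, otherwise "absent".
ipv6_stack_state() {
    inet6_file=${1:-/proc/net/if_inet6}
    modules_file=${2:-/proc/modules}
    if [ -r "$modules_file" ] && grep -q '^ipv6 ' "$modules_file"; then
        echo module
    elif [ -e "$inet6_file" ]; then
        echo builtin
    else
        echo absent
    fi
}

# Prints one "iface scope address/prefixlen" line per configured address.
# if_inet6 fields (all hex): address ifindex prefixlen scope flags, then name.
list_ipv6_addrs() {
    inet6_file=${1:-/proc/net/if_inet6}
    [ -r "$inet6_file" ] || return 0
    while read -r addr ifindex plen scope flags ifname; do
        [ -n "$ifname" ] || continue          # skip malformed lines
        case $scope in
            00) scope_name=global ;;
            10) scope_name=host ;;
            20) scope_name=link ;;
            40) scope_name=site ;;
            *)  scope_name="0x$scope" ;;
        esac
        # Insert a colon after every four hex digits, drop the trailing one.
        pretty=$(printf '%s' "$addr" | sed 's/..../&:/g; s/:$//')
        printf '%s %s %s/%d\n' "$ifname" "$scope_name" "$pretty" "$((0x$plen))"
    done < "$inet6_file"
}

echo "ipv6 stack: $(ipv6_stack_state)"
list_ipv6_addrs
```

An empty address list together with "absent" is the result to expect on a host where the stack has really been removed; "module" or "builtin" with only a host-scope address on lo means the stack is still loaded.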