Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Alibaba Cloud Linux 2

Rules, Groups, and Values defined within the XCCDF Benchmark

  • net.ipv6.conf.all.forwarding

    Toggle IPv6 Forwarding
    Value
    Show

  • net.ipv6.conf.all.max_addresses

    Maximum number of autoconfigured IPv6 addresses
    Value
    Show

  • net.ipv6.conf.all.router_solicitations

    Accept all router solicitations?
    Value
    Show

  • net.ipv6.conf.default.accept_ra_defrtr

    Accept default router in router advertisements?
    Value
    Show

  • net.ipv6.conf.default.accept_ra_pinfo

    Accept prefix information in router advertisements?
    Value
    Show

  • net.ipv6.conf.default.accept_ra_rtr_pref

    Accept router preference in router advertisements?
    Value
    Show

  • net.ipv6.conf.default.accept_ra

    Accept default router advertisements by default?
    Value
    Show

  • net.ipv6.conf.default.accept_redirects

    Toggle ICMP Redirect Acceptance By Default
    Value
    Show

  • net.ipv6.conf.default.accept_source_route

    Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirec...
    Value
    Show

  • net.ipv6.conf.default.autoconf

    Enable auto configuration on IPv6 interfaces
    Value
    Show

  • net.ipv6.conf.default.forwarding

    Toggle IPv6 default Forwarding
    Value
    Show

  • net.ipv6.conf.default.max_addresses

    Maximum number of autoconfigured IPv6 addresses
    Value
    Show

  • net.ipv6.conf.default.router_solicitations

    Accept all router solicitations by default?
    Value
    Show

  • Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default

    To set the runtime status of the <code>net.ipv6.conf.default.accept_source_route</code> kernel parameter, run the following command: <pre>$ sudo sy...
    Rule Medium Severity
    Show

  • Limit Network-Transmitted Configuration if Using Static IPv6 Addresses

    To limit the configuration information requested from other systems and accepted from the network on a system that uses statically-configured IPv6 ...
    Group
    Show

  • cron_system_cronjob_use_shares SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • net.ipv4.conf.default.arp_filter

    Controls whether the ARP filter is enabled or not. 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for ea...
    Value
    Show

  • net.ipv4.conf.default.arp_ignore

    Control the response modes for ARP queries that resolve local target IP addresses: 0 - (default): reply for any local target IP address, configure...
    Value
    Show

  • net.ipv4.conf.all.forwarding

    Toggle IPv4 Forwarding
    Value
    Show

  • net.ipv4.conf.all.log_martians

    Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules