Guide to the Secure Configuration of Debian 11
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable IPv6 Addressing on All IPv6 Interfaces
To disable support for (<code>ipv6</code>) addressing on all interface add the following line to <code>/etc/sysctl.d/ipv6.conf</code> (or another file in <code>/etc/sysctl.d</code>): <pre>net.ipv6....Rule Medium Severity -
Disable IPv6 Addressing on IPv6 Interfaces by Default
To disable support for (<code>ipv6</code>) addressing on interfaces by default add the following line to <code>/etc/sysctl.d/ipv6.conf</code> (or another file in <code>/etc/sysctl.d</code>): <pre>n...Rule Medium Severity -
Kernel Parameters Which Affect Networking
Thesysctlutility is used to set parameters which affect the operation of the Linux kernel. Kernel parameters which affect networking and have security implications are described here.Group -
Network Related Kernel Runtime Parameters for Hosts and Routers
Certain kernel parameters should be set for systems which are acting as either hosts or routers to improve the system's ability defend against certain types of IPv4 protocol attacks.Group -
net.ipv4.conf.default.arp_filter
Controls whether the ARP filter is enabled or not. 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not t...Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules