Disable the IPv6 protocol

An XCCDF Rule

Details
Profiles
Prose

Description

Disable support for IP version 6 (IPv6). The configuration that was used to build kernel is available at /boot/config-*. To check the configuration value for CONFIG_IPV6, run the following command: grep CONFIG_IPV6 /boot/config-* Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.

warning alert: Warning

There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.

Rationale

Any unnecessary network stacks, including IPv6, should be disabled to reduce the vulnerability to exploitation.

ID: xccdf_org.ssgproject.content_rule_kernel_config_ipv6
Severity: Medium
References: BP28(R22)
Updated: about 1 year ago