Disable Support for RPC IPv6
An XCCDF Rule
Description
RPC services for NFSv4 try to load transport modules for udp6 and tcp6 by default, even if IPv6 has been disabled in /etc/modprobe.d. To prevent RPC services such as rpc.mountd from attempting to start IPv6 network listeners, remove or comment out the following two lines in /etc/netconfig:
udp6 tpi_clts v inet6 udp - -
tcp6 tpi_cots_ord v inet6 tcp - -
- ID: xccdf_org.ssgproject.content_rule_network_ipv6_disable_rpc
- Severity: Unknown
- References
- Updated
Remediation - Shell Script
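# Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC
# services for NFSv4 from attempting to start IPv6 network listeners
declare -a IPV6_RPC_ENTRIES=("tcp6" "udp6")
for rpc_entry in "${IPV6_RPC_ENTRIES[@]}"
do
    # Delete the inet6 transport line for this entry
    sed -i "/^${rpc_entry}[[:space:]]\+tpi_.*inet6.*/d" /etc/netconfig
done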
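The description allows commenting the two entries out instead of removing them. The following is an added example, not part of the rule's own content: it audits a netconfig file for active udp6/tcp6 entries and comments them out while keeping a backup. The function names, the IPV6_RPC_RE variable, the .bak suffix and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names and paths below are hypothetical, not from the SSG content.
# Matches active (uncommented) udp6/tcp6 transport entries in netconfig format:
#   network_id  semantics  flags  protofmly  protoname  device  libs
IPV6_RPC_RE='^[[:space:]]*(udp6|tcp6)[[:space:]]+tpi_[a-z_]+[[:space:]]+[^[:space:]]+[[:space:]]+inet6([[:space:]]|$)'

# Audit: print offending lines with line numbers.
# Returns 0 if compliant, 1 if active entries remain, 2 if the file is unreadable.
netconfig_ipv6_audit() {
    file="${1:-/etc/netconfig}"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if grep -nE "$IPV6_RPC_RE" "$file"; then
        return 1
    fi
    return 0
}

# Remediate by commenting out (not deleting) the entries. The original is
# kept as FILE.bak and FILE is rewritten in place, so its owner, mode and
# SELinux label are unchanged.
netconfig_ipv6_disable() {
    file="${1:-/etc/netconfig}"
    cp -p "$file" "$file.bak" || return 2
    sed -E "/$IPV6_RPC_RE/s/^/#/" "$file.bak" > "$file"
}

# Constructed sample input, for trying the functions without touching /etc.
write_sample_netconfig() {
    cat > "$1" <<'EOF'
udp        tpi_clts      v     inet     udp     -       -
tcp        tpi_cots_ord  v     inet     tcp     -       -
udp6       tpi_clts      v     inet6    udp     -       -
tcp6       tpi_cots_ord  v     inet6    tcp     -       -
local      tpi_cots_ord  -     loopback -       -       -
EOF
}

# Demo on a scratch copy only when invoked with --demo.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample_netconfig "$tmp"
    netconfig_ipv6_audit "$tmp"; echo "before: rc=$?"
    netconfig_ipv6_disable "$tmp"
    netconfig_ipv6_audit "$tmp"; echo "after: rc=$?"
    rm -f "$tmp" "$tmp.bak"
fi
```

Because the audit function ignores lines that start with `#`, it reports a file as compliant whether the entries were deleted or commented out.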