Ensure IPv6 is disabled through kernel boot parameter

Description

To disable IPv6 protocol support in the Linux kernel, add the argument ipv6.disable=1 to the default GRUB2 command line for the Linux operating system. Configure the default Grub2 kernel command line to contain ipv6.disable=1 as follows:

# grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ipv6.disable=1"

Rationale

Any unnecessary network stacks, including IPv6, should be disabled to reduce the vulnerability to exploitation.

ID: xccdf_org.ssgproject.content_rule_grub2_ipv6_disable_argument
Severity: Low
References: Req-1.3.1 Req-1.3.2
Updated: about 1 month ago