Ensure IPv6 is disabled through kernel boot parameter

An XCCDF Rule

Description

To disable IPv6 protocol support in the Linux kernel, add the argument ipv6.disable=1 to the default GRUB2 kernel command line for the Linux operating system. Configure the default GRUB2 kernel command line to contain ipv6.disable=1 as follows:

# grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ipv6.disable=1"
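
One way to audit this setting, as an added example that is not part of the original rule or the project's own check: it distinguishes an argument that is configured for the next boot from one that is active in the running kernel. The function names and sample values are constructed for illustration, and it assumes `grub2-editenv - list` prints the `kernelopts=` variable on a single line.

```shell
#!/bin/sh
# Added example: audit helpers for the ipv6.disable=1 kernel argument.

# has_ipv6_disable "<kernel command line>"
# Succeeds only if the exact space-separated token ipv6.disable=1 is
# present, so ipv6.disable=0 or ipv6.disable=10 do not match.
has_ipv6_disable() {
    case " $1 " in
        *" ipv6.disable=1 "*) return 0 ;;
    esac
    return 1
}

# kernelopts_from_grubenv: reads `grub2-editenv - list` output on stdin
# and prints the value of the kernelopts variable (empty if absent).
kernelopts_from_grubenv() {
    sed -n 's/^kernelopts=//p'
}

# audit_ipv6_disable "<grubenv listing>" "<running kernel cmdline>"
# Prints one status word:
#   compliant       set for the next boot and active now
#   pending-reboot  set for the next boot, running kernel lacks it
#   not-configured  missing from kernelopts
audit_ipv6_disable() {
    opts=$(printf '%s\n' "$1" | kernelopts_from_grubenv)
    if ! has_ipv6_disable "$opts"; then
        echo not-configured
    elif has_ipv6_disable "$2"; then
        echo compliant
    else
        echo pending-reboot
    fi
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_GRUBENV='saved_entry=constructed-entry
kernelopts=root=/dev/mapper/vg-root ro quiet ipv6.disable=1'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro quiet'

audit_ipv6_disable "$SAMPLE_GRUBENV" "$SAMPLE_CMDLINE"

# On a live system, as root:
#   audit_ipv6_disable "$(grub2-editenv - list)" "$(cat /proc/cmdline)"
```

A result of pending-reboot means the boot configuration is correct but IPv6 stays enabled until the system restarts.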

Rationale

Any unnecessary network stacks, including IPv6, should be disabled to reduce the system's exposure to exploitation.

ID
xccdf_org.ssgproject.content_rule_grub2_ipv6_disable_argument
Severity
Low