Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat Virtualization 4
System Settings
Network Configuration and Firewalls
IPv6
Configure IPv6 Settings if Necessary
Use Privacy Extensions for Address
Use Privacy Extensions for Address
An XCCDF Rule
Details
Profiles
Prose
Use Privacy Extensions for Address
Unknown Severity
To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in
/etc/sysconfig/network-scripts/ifcfg-
interface
:
IPV6_PRIVACY=rfc3041
Automatically-generated IPv6 addresses are based on the underlying hardware (e.g. Ethernet) address, and so it becomes possible to track a piece of hardware over its lifetime using its traffic. If it is important for a system's IP address to not trivially reveal its hardware address, this setting should be applied.