Use Privacy Extensions for Address
An XCCDF Rule
Description
To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in /etc/sysconfig/network-scripts/ifcfg-interface:
IPV6_PRIVACY=rfc3041
Automatically-generated IPv6 addresses are based on the underlying hardware (e.g. Ethernet) address, and so it becomes possible to track a piece of hardware over its lifetime using its traffic. If it is important for a system's IP address to not trivially reveal its hardware address, this setting should be applied.
- ID: xccdf_org.ssgproject.content_rule_network_ipv6_privacy_extensions
- Severity: Unknown
Remediation - Shell Script
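# enable randomness in ipv6 address generation
for interface in /etc/sysconfig/network-scripts/ifcfg-*
do
    # correct an existing IPV6_PRIVACY line, otherwise append one
    if grep -q '^IPV6_PRIVACY=' "$interface"; then
        sed -i 's/^IPV6_PRIVACY=.*/IPV6_PRIVACY=rfc3041/' "$interface"
    else
        echo "IPV6_PRIVACY=rfc3041" >> "$interface"
    fi
done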
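A way to verify the setting after remediation, as an added example that is not part of the rule's own content: the function below lists every ifcfg file whose effective IPV6_PRIVACY value is not rfc3041. The names check_ipv6_privacy and make_sample_dir are hypothetical, and the check assumes the last assignment in a file wins, as it does when the file is sourced by a shell.

```shell
# Added example (not from the rule's own content).
# check_ipv6_privacy [DIR]
#   Prints one FAIL line per non-compliant ifcfg file.
#   Returns 0 if every file is compliant, 1 otherwise.
check_ipv6_privacy() {
    dir=${1:-/etc/sysconfig/network-scripts}
    rc=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        # Assumption: the last assignment wins, so only the final
        # IPV6_PRIVACY line matters. Surrounding quotes are stripped.
        val=$(sed -n 's/^[[:space:]]*IPV6_PRIVACY=//p' "$f" | tail -n 1 | tr -d "\"'")
        if [ "$val" != "rfc3041" ]; then
            echo "FAIL ${f}: IPV6_PRIVACY=${val:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample data for trying the check without touching /etc:
# eth0 is compliant, eth1 lacks the line, eth2 has a later line that
# overrides the correct value. Prints the temporary directory path.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nIPV6_PRIVACY=rfc3041\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nIPV6INIT=yes\n' > "$d/ifcfg-eth1"
    printf 'DEVICE=eth2\nIPV6_PRIVACY=rfc3041\nIPV6_PRIVACY=no\n' > "$d/ifcfg-eth2"
    echo "$d"
}
```

The eth2 case shows why a plain grep for the string is not enough: the file contains the correct line but a later assignment overrides it.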