ubuntu1604:3:3:3

3.3.3 Ensure IPv6 is disabled (Not Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation

Description

Although IPv6 has many advantages over IPv4, few organizations have implemented IPv6.

Rationale

If IPv6 is not to be used, it is recommended that it be disabled to reduce the attack surface of the system.

Audit

Run the following command and verify that each linux line has the ipv6.disable=1 parameter set: 

# grep "^\s*linux" /boot/grub/grub.cfg

Remediation

Edit /etc/default/grub and add ipv6.disable=1 to GRUB_CMDLINE_LINUX: 

GRUB_CMDLINE_LINUX="ipv6.disable=1"

Run the following command to update the grub2 configuration: 

# update-grub
  • ubuntu1604/3/3/3.txt
  • Last modified: 2017/05/06 19:12
  • by Piotr Kłoczewski