Detections
Analytics

Revision 1.4

May 10, 2021
Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.2.1 Ensure IP forwarding is disabled - ipv6 files
  • 3.2.1 Ensure IP forwarding is disabled - ipv6 sysctl
  • 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.all.accept_source_route = 0'
  • 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.default.accept_source_route = 0'
  • 3.3.1 Ensure source routed packets are not accepted - files 'net.ipv6.conf.all.accept_source_route = 0'
  • 3.3.1 Ensure source routed packets are not accepted - files 'net.ipv6.conf.default.accept_source_route = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - files 'net.ipv6.conf.all.accept_redirects = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - files 'net.ipv6.conf.default.accept_redirects = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.all.accept_ra = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.default.accept_ra = 0'
  • 3.5.2.7 Ensure loopback traffic is configured - ip6 saddr
  • 3.5.3.2.1 Ensure default deny firewall policy - Chain FORWARD
  • 3.5.3.2.1 Ensure default deny firewall policy - Chain INPUT
  • 3.5.3.2.1 Ensure default deny firewall policy - Chain OUTPUT
  • 3.5.3.3.1 Ensure IPv6 default deny firewall policy
  • 3.5.3.3.2 Ensure IPv6 loopback traffic is configured - input
  • 3.5.3.3.2 Ensure IPv6 loopback traffic is configured - output
  • 3.5.3.3.3 Ensure IPv6 outbound and established connections are configured
  • 3.5.3.3.4 Ensure IPv6 firewall rules exist for all open ports
  • 3.5.3.3.5 Ensure ip6tables rules are saved
  • 3.5.3.3.6 Ensure ip6tables is enabled and running - enabled
  • 3.5.3.3.6 Ensure ip6tables is enabled and running - running
Miscellaneous
  • Metadata updated.
  • References updated.