Revision 1.4 May 10, 2021
Functional Update
- 1.4.2 Ensure filesystem integrity is regularly checked
- 3.2.1 Ensure IP forwarding is disabled - ipv6 files
- 3.2.1 Ensure IP forwarding is disabled - ipv6 sysctl
- 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.all.accept_source_route = 0'
- 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.default.accept_source_route = 0'
- 3.3.1 Ensure source routed packets are not accepted - files 'net.ipv6.conf.all.accept_source_route = 0'
- 3.3.1 Ensure source routed packets are not accepted - files 'net.ipv6.conf.default.accept_source_route = 0'
- 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0'
- 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0'
- 3.3.2 Ensure ICMP redirects are not accepted - files 'net.ipv6.conf.all.accept_redirects = 0'
- 3.3.2 Ensure ICMP redirects are not accepted - files 'net.ipv6.conf.default.accept_redirects = 0'
- 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0'
- 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0'
- 3.3.9 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.all.accept_ra = 0'
- 3.3.9 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.default.accept_ra = 0'
- 3.5.2.7 Ensure loopback traffic is configured - ip6 saddr
- 3.5.3.2.1 Ensure default deny firewall policy - Chain FORWARD
- 3.5.3.2.1 Ensure default deny firewall policy - Chain INPUT
- 3.5.3.2.1 Ensure default deny firewall policy - Chain OUTPUT
- 3.5.3.3.1 Ensure IPv6 default deny firewall policy
- 3.5.3.3.2 Ensure IPv6 loopback traffic is configured - input
- 3.5.3.3.2 Ensure IPv6 loopback traffic is configured - output
- 3.5.3.3.3 Ensure IPv6 outbound and established connections are configured
- 3.5.3.3.4 Ensure IPv6 firewall rules exist for all open ports
- 3.5.3.3.5 Ensure ip6tables rules are saved
- 3.5.3.3.6 Ensure ip6tables is enabled and running - enabled
- 3.5.3.3.6 Ensure ip6tables is enabled and running - running
Miscellaneous
- Metadata updated.
- References updated.