3.1.1 Disable IPv6

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Although IPv6 has many advantages over IPv4, not all organizations have IPv6 or dual stack configurations implemented.

Rationale:

If IPv6 or dual stack is not to be used, it is recommended that IPv6 be disabled to reduce the attack surface of the system.

Solution

Edit /etc/default/grub and add ipv6.disable=1 to the GRUB_CMDLINE_LINUX parameters:

GRUB_CMDLINE_LINUX='ipv6.disable=1'

Run the following command to update the grub2 configuration:

# update-grub

See Also

https://workbench.cisecurity.org/files/2873

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(9), CSCv6|3, CSCv6|9.1, CSCv6|11, CSCv7|9.4

Plugin: Unix

Control ID: bff24584f39322df0acc31c6f002c041767e418f10a44b6814ad716881d63ef1