From 75ed748603de013c45717ae1c8c9cf0fcd63d9ed Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Sat, 20 Jun 2015 11:43:28 +0200
Subject: [PATCH 1/2] feature: implement ipv6 router advertisement settings as defined in https://github.com/hardening-io/tests-os-hardening/pull/29

---
 attributes/sysctl.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/attributes/sysctl.rb b/attributes/sysctl.rb
index 13cd0772..0e8bfdcb 100644
--- a/attributes/sysctl.rb
+++ b/attributes/sysctl.rb
@@ -134,6 +134,14 @@ default['sysctl']['params']['net']['ipv6']['conf']['default']['dad_transmits'] = 0
 default['sysctl']['params']['net']['ipv6']['conf']['default']['max_addresses'] = 1
+# Disable acceptance of router advertisements
+#
+# * **0** - do not accept router advertisements.
+# * **1** - accept router advertisements if forwarding is disabled
+# * **2** - accept router advertisements even if forwarding is enabled
+default['sysctl']['params']['net']['ipv6']['conf']['all']['accept_ra'] = 0
+default['sysctl']['params']['net']['ipv6']['conf']['default']['accept_ra'] = 0
+
 # System
 # ------

From e44ad6af451fad1b4bb9a97418e3782acc905c25 Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Sat, 20 Jun 2015 12:15:53 +0200
Subject: [PATCH 2/2] fix lint errors

---
 attributes/sysctl.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/attributes/sysctl.rb b/attributes/sysctl.rb
index 0e8bfdcb..b6250262 100644
--- a/attributes/sysctl.rb
+++ b/attributes/sysctl.rb
@@ -135,8 +135,8 @@ default['sysctl']['params']['net']['ipv6']['conf']['default']['max_addresses'] = 1
 # Disable acceptance of router advertisements
-#
-# * **0** - do not accept router advertisements.
+#
+# * **0** - do not accept router advertisements
 # * **1** - accept router advertisements if forwarding is disabled
 # * **2** - accept router advertisements even if forwarding is enabled
 default['sysctl']['params']['net']['ipv6']['conf']['all']['accept_ra'] = 0
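Review bot: The comment added above the two `accept_ra = 0` assignments in the first patch's hunk of attributes/sysctl.rb documents the possible values but not which interfaces the setting reaches. On Linux the `conf/default` value is copied to an interface when that interface is created, and as far as I know `conf/all` is not propagated to existing interfaces for this key. An interface that is already up when the cookbook applies sysctl may therefore keep accepting router advertisements until it is re-created or the host reboots. I would add a line such as `# NOTE: only affects interfaces created after this is applied; check net.ipv6.conf.<iface>.accept_ra on existing ones`. It would also help to state that nodes which rely on SLAAC or an RA-learned default route must override this attribute, since with `0` they lose IPv6 autoconfiguration.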