STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230542r627750_rule
V-230542
SRG-OS-000480-GPOS-00227
RHEL-08-040262
CAT II
10
Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router with the following commands:
$ sudo sysctl -w net.ipv6.conf.default.accept_ra=0
If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
net.ipv6.conf.default.accept_ra=0
Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
Note: If IPv6 is disabled on the system, this requirement is not applicable.
Check to see if router advertisements are not accepted by default by using the following command:
$ sudo sysctl net.ipv6.conf.default.accept_ra
net.ipv6.conf.default.accept_ra = 0
If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
V-230542
False
RHEL-08-040262
Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
Note: If IPv6 is disabled on the system, this requirement is not applicable.
Check to see if router advertisements are not accepted by default by using the following command:
$ sudo sysctl net.ipv6.conf.default.accept_ra
net.ipv6.conf.default.accept_ra = 0
If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
M
2921