
3.1.1 Ensure IPv6 status is identified

Audit

Run the following script to identify if IPv6 is enabled on the system:

#!/usr/bin/env bash
{
   l_output=""
   # The ipv6 module reports 0 in "disable" when the IPv6 stack is available
   ! grep -Pqs -- '^\h*0\b' /sys/module/ipv6/parameters/disable && l_output="- IPv6 is not enabled"
   # IPv6 is also off when both the "all" and "default" sysctls are set to 1
   if sysctl net.ipv6.conf.all.disable_ipv6 | grep -Pqs -- "^\h*net\.ipv6\.conf\.all\.disable_ipv6\h*=\h*1\b" && \
      sysctl net.ipv6.conf.default.disable_ipv6 | grep -Pqs -- "^\h*net\.ipv6\.conf\.default\.disable_ipv6\h*=\h*1\b"; then
      l_output="- IPv6 is not enabled"
   fi
   [ -z "$l_output" ] && l_output="- IPv6 is enabled"
   echo -e "\n$l_output\n"
}

Remediation

Enable or disable IPv6 in accordance with system requirements and local site policy.

Default Value:
IPv6 is enabled
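
The audit above reports one system-wide answer. The following added example (not part of the benchmark text) goes one step further: it lists the disable_ipv6 value of every entry under /proc/sys/net/ipv6/conf and compares it with a stated site policy. The function names and the optional root-prefix argument are assumptions made for this example; the prefix only exists so the check can be run against a constructed directory tree.

```shell
#!/usr/bin/env bash
# Added example, not benchmark code. The optional ROOT argument is a
# hypothetical prefix for testing; leave it empty to read the live system.

# Print one line per entry under net/ipv6/conf: "<name> enabled|disabled".
# The list includes the "all" and "default" pseudo-interfaces.
# Prints "stack disabled" when the ipv6 module is absent or has disable != 0.
ipv6_iface_status() {
    local root="${1:-}" f iface
    if ! grep -qs '^[[:space:]]*0' "$root/sys/module/ipv6/parameters/disable"; then
        echo "stack disabled"
        return 0
    fi
    for f in "$root"/proc/sys/net/ipv6/conf/*/disable_ipv6; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable file
        iface="$(basename "$(dirname "$f")")"
        if [ "$(cat "$f")" = "1" ]; then
            echo "$iface disabled"
        else
            echo "$iface enabled"
        fi
    done
}

# Compare every entry with the site policy ("enabled" or "disabled").
# Prints one line per deviation; returns 0 if compliant, 1 otherwise.
ipv6_policy_check() {
    local policy="$1" root="${2:-}" name state rc=0
    while read -r name state; do
        [ -n "$name" ] || continue       # skip the blank line of empty output
        if [ "$state" != "$policy" ]; then
            echo "deviation: $name is $state, policy is $policy"
            rc=1
        fi
    done <<EOF
$(ipv6_iface_status "$root")
EOF
    return "$rc"
}
```

On a live host, `ipv6_policy_check disabled` (or `enabled`) prints any entry that does not match the policy and sets the exit status accordingly.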