elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-07-15 13:22:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: ipv6_is_enabled related checks

Browse Source 
fix issue #251 : https://github.com/ovh/debian-cis/issues/251

the 'is_ipv6_enabled' function was doing some 'crit' actions, which is not the expected behaviour: we don't want to fail if ipv6 is enabled, it is just an infor that checks are going to use.

Also, it was overriding the SYSCTL_PARAMS that could have been defined in the checks.
This commit is contained in:
Damien Cavagnini
2025-07-03 10:44:04 +02:00
parent 6123a56653
commit 7c9f4c4fa0
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/utils.sh
View File

@ -53,7 +53,7 @@ set_sysctl_param() {
# #
is_ipv6_enabled() { is_ipv6_enabled() {
SYSCTL_PARAMS='net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1' local SYSCTL_PARAMS='net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1'
does_sysctl_param_exists "net.ipv6" does_sysctl_param_exists "net.ipv6"
local ENABLE=1 local ENABLE=1
@ -64,7 +64,9 @@ is_ipv6_enabled() {
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" # we don't want to fail because ipv6 is enabled
# it's just an info that some scripts are going to use to decide what to do
info "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
ENABLE=0 ENABLE=0
fi fi
done done