elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-06-24 03:24:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add is_ipv6_disabled (#57)

Browse Source 
Modify some checks to make it pass when ipv6 is diabled

fix #50

	modified:   bin/hardening/3.1.1_disable_ipv6.sh
	modified:   bin/hardening/3.3.1_disable_source_routed_packets.sh
	modified:   bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
	modified:   lib/utils.sh

Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:
Thibault Ayanides
2021-02-17 11:45:20 +01:00
committed by GitHub
parent 6ab1cab3ce
commit d1b371f410
4 changed files with 36 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
View File

@ -21,10 +21,8 @@ SYSCTL_PARAMS='net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0'
# This function will be called if the script status is on enabled / audit mode
audit() {
does_sysctl_param_exists "net.ipv6"
if [ "$FNRET" != 0 ]; then
ok "ipv6 is disabled"
else
is_ipv6_enabled
if [ "$FNRET" = 0 ]; then
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
@ -38,15 +36,15 @@ audit() {
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi
done
else
ok "ipv6 disabled"
fi
}
# This function will be called if the script status is on enabled mode
apply() {
does_sysctl_param_exists "net.ipv6"
if [ "$FNRET" != 0 ]; then
ok "ipv6 is disabled"
else
is_ipv6_enabled
if [ "$FNRET" = 0 ]; then
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
@ -62,6 +60,8 @@ apply() {
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi
done
else
ok "ipv6 disabled"
fi
}