Add is_ipv6_disabled (#57)

Modify some checks to make it pass when ipv6 is diabled fix #50 modified: bin/hardening/3.1.1_disable_ipv6.sh modified: bin/hardening/3.3.1_disable_source_routed_packets.sh modified: bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh modified: lib/utils.sh Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2025-08-05 23:01:16 +02:00 · 2021-02-17 11:45:20 +01:00
parent 6ab1cab3ce
commit d1b371f410
4 changed files with 36 additions and 24 deletions
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -46,6 +46,30 @@ set_sysctl_param() {
    fi
 }

+#
+# IPV6
+#
+
+is_ipv6_enabled() {
+    SYSCTL_PARAMS='net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1'
+
+    does_sysctl_param_exists "net.ipv6"
+    local ENABLE=1
+    if [ "$FNRET" = 0 ]; then
+        for SYSCTL_VALUES in $SYSCTL_PARAMS; do
+            SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
+            SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
+            debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
+            has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
+            if [ "$FNRET" != 0 ]; then
+                crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
+                ENABLE=0
+            fi
+        done
+    fi
+    FNRET=$ENABLE
+}
+
 #
 # Dmesg
 #