Hello! I have found the following CIS Benchmark fails on PVE:
2576 - Disable IPv6 Shouldn't PVE have IPv6 disabled by default, and only as an option for those who use it? 2578 - Ensure packet redirect sending is disabled 2579 - Ensure IP forwarding is disabled 2580 - Ensure source routed packets are not accepted 2581 - Ensure ICMP redirects are not accepted 2582 - Ensure secure ICMP redirects are not accepted Furthermore, is packet redirecting required to be enabled by default? Wouldn't this potentially turn PVE into an attack vector? Cheers “This communication is the property of EdgeUno or one of its group companies and/or affiliates. This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and if you are not the intended recipient be aware that any non-explicitly authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, and will be considered a criminal offense. Please notify [email protected] about the unintended receipt of this electronic message and delete it.” _______________________________________________ pve-user mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
