--- Begin Message ---
Hi,
Please disregard any tool that advices you to disable IPv6 anno 2021.
--
Mark Schouten
CTO, Tuxis B.V. | https://www.tuxis.nl/
<[email protected]> | +31 318 200208
From: Lucas Gabriel Salvatierra <[email protected]>
To: <[email protected]>
Sent: 2021-08-27 18:47
Subject: [PVE-User] CIS Benchmark Fails
Hello! I have found the following CIS Benchmark fails on PVE:
2576 - Disable IPv6
Shouldn't PVE have IPv6 disabled by default, and only as an option for those
who use it?
2578 - Ensure packet redirect sending is disabled
2579 - Ensure IP forwarding is disabled
2580 - Ensure source routed packets are not accepted
2581 - Ensure ICMP redirects are not accepted
2582 - Ensure secure ICMP redirects are not accepted
Furthermore, is packet redirecting required to be enabled by default? Wouldn't
this potentially turn PVE into an attack vector?
Cheers
“This communication is the property of EdgeUno or one of its group companies
and/or affiliates. This electronic message contains information which may be
privileged or confidential. The information is intended to be for the exclusive
use of the individual(s) named above and if you are not the intended recipient
be aware that any non-explicitly authorized disclosure, copying, distribution
or use of the contents of this information, even if partially, including
attached files, is strictly prohibited, and will be considered a criminal
offense. Please notify [email protected] about the unintended receipt of this
electronic message and delete it.”
_______________________________________________
pve-user mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--- End Message ---
_______________________________________________
pve-user mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
