Logic for IPv6 disable #90

Closed
agbrowne opened this issue Aug 21, 2023 · 2 comments

agbrowne commented Aug 21, 2023

Describe the Issue
When the variable 'rhel9cis_ipv6_required' is set to 'false', IPv6 does not get disabled

Expected Behavior
Setting 'rhel9cis_ipv6_required' should disable IPv6

Actual Behavior
The file /etc/sysctl.d/60-disable_ipv6.conf should have the following lines added to it by the Ansible playbook run...

net.ipv6.conf.all.disable_ipv6 = 1 
net.ipv6.conf.default.disable_ipv6 = 1

This is not happening because the logic in the template 'templates/etc/sysctl.d/60-disable_ipv6.conf.j2' is wrong. This logic currently reads...

{% if rhel9cis_rule_3_1_1 and rhel9cis_ipv6_required %}
net.ipv6.conf.all.disable_ipv6 = 1 
net.ipv6.conf.default.disable_ipv6 = 1
{% endif %}

...when it should actually read...

{% if rhel9cis_rule_3_1_1 and not rhel9cis_ipv6_required %}
net.ipv6.conf.all.disable_ipv6 = 1 
net.ipv6.conf.default.disable_ipv6 = 1
{% endif %}

Control(s) Affected
Disabling of IPv6

Environment (please complete the following information):

  • branch being used: main
  • Ansible Version: 2.15.2
  • Host Python Version: 3.9.16
  • Ansible Server Python Version: 3.9.16
  • Additional Details:

Possible Solution
Change the template 'templates/etc/sysctl.d/60-disable_ipv6.conf.j2' so that it has the correct logic.
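
An added check, not part of the original issue or the rhel9-cis role: Python that parses a rendered 60-disable_ipv6.conf and reports when its contents disagree with rhel9cis_ipv6_required. The function names and the `render_*` stand-ins for the two template conditions (with rhel9cis_rule_3_1_1 assumed true) are constructed for illustration.

```python
# Added example: audit a rendered sysctl.d fragment against the role variable.
KEYS = ("net.ipv6.conf.all.disable_ipv6", "net.ipv6.conf.default.disable_ipv6")
# Constructed sample: the two settings exactly as they appear in the issue.
LINES = "net.ipv6.conf.all.disable_ipv6 = 1 \nnet.ipv6.conf.default.disable_ipv6 = 1\n"

def render_buggy(ipv6_required):
    """Stand-in for '{% if rule and ipv6_required %}' with the rule enabled."""
    return LINES if ipv6_required else ""

def render_fixed(ipv6_required):
    """Stand-in for '{% if rule and not ipv6_required %}' with the rule enabled."""
    return "" if ipv6_required else LINES

def parse_sysctl(text):
    """Return {key: value} from sysctl.d-style text; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if not sep:                           # not a 'key = value' line
            continue
        key = key.strip().lstrip("-")         # leading '-' only suppresses errors
        settings[key.replace("/", ".")] = value.strip()  # accept slash spelling
    return settings

def audit(rendered, ipv6_required):
    """Return findings; an empty list means the file matches the intent."""
    settings = parse_sysctl(rendered)
    findings = []
    for key in KEYS:
        disabled = settings.get(key) == "1"
        if not ipv6_required and not disabled:
            findings.append(f"{key} is not set to 1 but IPv6 is not required")
        elif ipv6_required and disabled:
            findings.append(f"{key} = 1 disables IPv6 although it is required")
    return findings

if __name__ == "__main__":
    for name, render in (("buggy", render_buggy), ("fixed", render_fixed)):
        for required in (False, True):
            result = audit(render(required), required)
            print(f"{name} template, rhel9cis_ipv6_required={required}: "
                  f"{'OK' if not result else result}")
```

The same `audit` function can be pointed at the text of the deployed /etc/sysctl.d/60-disable_ipv6.conf after a playbook run to confirm the rendered file matches the variable.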

agbrowne added the bug label Aug 21, 2023
uk-bolly self-assigned this Sep 6, 2023

uk-bolly commented Sep 6, 2023

hi @agbrowne

Thank you for taking the time to give feedback on the rhel9-cis repo. This is indeed a great catch and I am currently addressing this issue in a new branch. Hoping to get it merged later this week, all being well.

many thanks

uk-bolly

uk-bolly mentioned this issue Sep 6, 2023

uk-bolly commented

hi @agbrowne

This issue has now been merged. Could you let us know if this resolves the issue you are seeing?

many thanks

uk-bolly
