Comments (4)
@phanikumar1210 Thanks for raising this issue! Unfortunately I can't reproduce it with test-kitchen and vagrant in this repo, I tried:
- kitchen verify default-amazonlinux-1
- kitchen login
- sudo reboot
- wait a bit
- kitchen converge default-amazonlinux-1
Could you maybe check if you have something, what prevents loading of ipv6 kernel module?
E.g. you can try this:
grep -i ipv6 /etc/modprobe.d/*
if you get something like:
/etc/modprobe.d/disable-ipv6.conf:install ipv6 /bin/true
this would be the reason. The ipv6 module loading is prevented and its not loaded when the system starts, so the configuration namespace net.ipv6
isn't available in the kernel
from chef-os-hardening.
I am getting following response for grep -i ipv6 /etc/modprobe.d/*
/etc/modprobe.d/CIS.conf:options ipv6 disable=1
from chef-os-hardening.
Removing options ipv6 disable=1 option from /etc/modprobe.d/CIS.conf resolved the issue.
from chef-os-hardening.
Yeah, we also handle this requirement, but differently. The official recommended way is not to blacklist the IPv6 module (as it leads to different problems), but to use net.ipv6.conf.all.disable_ipv6
for that. I can't find the link anymore, but I remember this was some recommendation from RH and this option was introduced exactly to avoid the module blacklisting.
I'm closing this issue as it looks like the problem is resolved and not related to chef-os-hardening.
from chef-os-hardening.
Related Issues (20)
- Make a new release? HOT 3
- exec-shield incompatible with Oracle Linux UEK HOT 1
- Audit Daemon Fails on Amazon Linux 2 HOT 1
- execute[update-pam] resource fails on Ubuntu 14.04 on Azure HOT 6
- Failing centos 7 dokken tests in the CI
- Wrong OpenSuse /etc/shadow membership
- undefined method `sysctl' for cookbook: os-hardening HOT 3
- os-hardening::profile recipe creating pinerolo_profile.sh file with .old extension on each chef-client run
- idempotency issues: "check package signature in repo files" and "remove_suid_from_blacklists" HOT 1
- pam-auth-update --package prompts interactive debconf
- Chef warning when /bin/su is a symlink
- Configuration conflict when using both chef-ssh-hardening and chef-os-hardening HOT 2
- chef exec rake lint fails, foodcritic deprecated HOT 1
- pwquality.conf defaults or suggested config HOT 1
- Amazon Linux 2 Auditd fails to restart
- Linux Baseline tests are failing for os-13 HOT 1
- Support for RHEL 8 / Rocky Linux 8 HOT 3
- Dependency Dashboard
- Amazon ECS agent can't start after hardening runs HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chef-os-hardening.