public inbox for pve-user@lists.proxmox.com
From: Lucas Gabriel Salvatierra <lucas.salvatierra@edgeuno.com>
To: pve-user@lists.proxmox.com
Subject: [PVE-User] CIS Benchmark Fails
Date: Fri, 27 Aug 2021 13:47:08 -0300
Message-ID: <cd2ed6ec-b08d-539c-009d-61a2224a8962@edgeuno.com>

Hello! I have found the following CIS Benchmark fails on PVE:

    2576 - Disable IPv6

Shouldn't PVE have IPv6 disabled by default, and only as an option for those who use it?

    2578 - Ensure packet redirect sending is disabled
    2579 - Ensure IP forwarding is disabled
    2580 - Ensure source routed packets are not accepted
    2581 - Ensure ICMP redirects are not accepted
    2582 - Ensure secure ICMP redirects are not accepted

Furthermore, is packet redirecting required to be enabled by default? Wouldn't this potentially turn PVE into an attack vector?

Cheers

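A read-only audit for the checks listed in the message above, as an added example that is not part of the original post: it compares `sysctl -a` style output with the values those check titles call for. The sysctl key names, the `audit_sysctl` helper and the sample input are assumptions made for illustration; the post gives only the check titles.

```shell
#!/bin/sh
# "<key> <expected>" per line. These are the usual Linux sysctl keys behind the
# check titles in the message (an assumption: the post gives titles only).
EXPECTED='net.ipv6.conf.all.disable_ipv6 1
net.ipv6.conf.default.disable_ipv6 1
net.ipv4.conf.all.send_redirects 0
net.ipv4.conf.default.send_redirects 0
net.ipv4.ip_forward 0
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.default.accept_source_route 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.default.accept_redirects 0
net.ipv4.conf.all.secure_redirects 0
net.ipv4.conf.default.secure_redirects 0'

# audit_sysctl (hypothetical helper): reads "key = value" lines, the format of
# `sysctl -a`, on stdin and prints PASS, FAIL or MISSING for each expected key.
audit_sysctl() {
    EXPECTED="$EXPECTED" awk '
        BEGIN {
            n = split(ENVIRON["EXPECTED"], rows, "\n")
            for (i = 1; i <= n; i++) { split(rows[i], f, " "); key[i] = f[1]; want[f[1]] = f[2] }
        }
        {
            eq = index($0, "=")
            if (eq == 0) next                      # skip lines that are not key = value
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            have[k] = v
        }
        END {
            for (i = 1; i <= n; i++) {
                k = key[i]
                status = (!(k in have)) ? "MISSING" : (have[k] == want[k] ? "PASS" : "FAIL")
                printf "%s %s want=%s got=%s\n", status, k, want[k], (k in have) ? have[k] : "-"
            }
        }'
}

# Constructed sample in `sysctl -a` format, not captured from a real host.
SAMPLE='net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv6.conf.all.disable_ipv6 = 0'

printf '%s\n' "$SAMPLE" | audit_sysctl   # live host: sysctl -a 2>/dev/null | audit_sysctl
```

A FAIL on `net.ipv4.ip_forward` is a configuration decision rather than a defect on a host that routes or NATs guest traffic, since that setup needs forwarding enabled.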

