Re: Correct way to not load ipv6 module f8/9?

On Friday 21 March 2008 10:02:04 Chuck Anderson wrote:
> > This is the guidance I'm passing out in our security documents:
> >
> > 1) Create a file /etc/modprobe.d/no-ipv6
> > 2) Add inside it
> >     install ipv6 /bin/true
> > 3) Close up and reboot
>
> Why not just firewall it?

The whole idea is to reduce the attack surface of Linux. What if there is a 
vulnerability in the ipv6 code between the Ethernet card and iptables? What 
if you protect it from external abuse but there is still a privilege 
escalation attack for local users?

It's best to just get rid of it if you do not need it.

-Steve

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list
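
An added example, not part of the original message: a shell check that a modprobe.d directory really carries the `install ipv6 /bin/true` override from the quoted guidance, as opposed to a plain `blacklist` line, and whether the module is loaded right now. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# module_override_state DIR MODULE -> prints one of:
#   install-override  "install MODULE /bin/true" (or /bin/false) is present
#   blacklist-only    only "blacklist MODULE": alias autoloading is ignored,
#                     but an explicit "modprobe MODULE" still loads it
#   not-disabled      no matching directive
module_override_state() {
    dir=$1; mod=$2; state=not-disabled
    # The post's file has no suffix; current kmod reads only *.conf files.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # "|| [ -n "$kw" ]" keeps a final line that lacks a newline.
        while read -r kw name cmd _rest || [ -n "$kw" ]; do
            case $kw in ''|'#'*) continue ;; esac
            [ "$name" = "$mod" ] || continue
            case $kw in
                install)
                    case $cmd in
                        /bin/true|/bin/false|/usr/bin/true|/usr/bin/false)
                            state=install-override ;;
                    esac ;;
                blacklist)
                    [ "$state" = install-override ] || state=blacklist-only ;;
            esac
        done < "$f"
    done
    echo "$state"
}

# module_loaded MODULE [FILE] -> exit 0 if MODULE is the first field of a
# line in FILE (default /proc/modules).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# Report for the running system.
echo "modprobe.d: $(module_override_state /etc/modprobe.d ipv6)"
if module_loaded ipv6; then echo "ipv6: loaded"; else echo "ipv6: not loaded"; fi
```

An `install-override` result with the module still loaded means the file was added after boot and the reboot step has not happened yet.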
