bugfix: add missing: ipv6 accept_ra = 0

arlimus · Dominik Richter · commit e829dfb662e1 · 2015-05-28T02:03:12.000+02:00
This was uncovered by @igoraj at dev-sec/puppet-os-hardening#56 .
diff --git a/default/serverspec/sysctl_spec.rb b/default/serverspec/sysctl_spec.rb
@@ -167,6 +167,14 @@
     its(:value) { should eq 0 }
   end
 
+  context linux_kernel_parameter('net.ipv6.conf.all.accept_ra') do
+    its(:value) { should eq 0 }
+  end
+
+  context linux_kernel_parameter('net.ipv6.conf.default.accept_ra') do
+    its(:value) { should eq 0 }
+  end
+
   context linux_kernel_parameter('net.ipv6.conf.default.autoconf') do
     its(:value) { should eq 0 }
   end
