Describe the Issue
Currently the ipv6 settings are only configured if ipv6 is declared in use. I think they should be set either way as auditing tools might throw an error if it isn't configured even if ipv6 isn't in use. It also prevents ipv6 being enabled in the future but this control not being changed. This is happening throughout the controls of 3.3.x. Example below:
Additionally, the var for ubtu22cis_sysctl_network_conf isn't set in defaults/main.yml resulting in it being empty. This should probably be set to /etc/sysctl.conf
Expected Behavior
ipv6 settings not being configured unless explicitly stated that ipv6 is in use.
Actual Behavior
ipv6 settings only run if the ubtu22cis_ipv6_required is true
Control(s) Affected
3.3.x
Possible Solution
Remove the conditional when: ubtu22cis_ipv6_required
Describe the Issue Currently the ipv6 settings are only configured if ipv6 is declared in use. I think they should be set either way as auditing tools might throw an error if it isn't configured even if ipv6 isn't in use. It also prevents ipv6 being enabled in the future but this control not being changed. This is happening throughout the controls of 3.3.x. Example below:
Additionally, the var for
ubtu22cis_sysctl_network_conf
isn't set indefaults/main.yml
resulting in it being empty. This should probably be set to/etc/sysctl.conf
Expected Behavior ipv6 settings not being configured unless explicitly stated that ipv6 is in use.
Actual Behavior ipv6 settings only run if the
ubtu22cis_ipv6_required
istrue
Control(s) Affected 3.3.x
Possible Solution Remove the conditional
when: ubtu22cis_ipv6_required