SCA check to check if IPv6 is disabled

86 views
Skip to first unread message

Sujith Poojari

unread,
Oct 4, 2021, 1:52:59 AM10/4/21
to Wazuh mailing list
Hi All,

I am trying to put a custom SCA check to ensure that IPv6 is disabled on Linux systems.

I am trying out this in the check. However, I am getting the check as failed even when the term is present in grub.

Is this the right syntax to place the check? I tried different combinations with spaces removed and added. Tried literal match instead of expression match but I get the same result.

      - 'f:/etc/default/grub -> r:^ipv6.disable\s*=\s*1$'

Francis Timilehin Jeremiah

unread,
Oct 4, 2021, 12:47:37 PM10/4/21
to Wazuh mailing list
Hello Sujith,

If I get you right you need the regex match to check if IPv6 is disabled,
You can look at this,

'f:/etc/default/grub -> r:ipv6\.disable=1'

Check this out on more tips on how to use regex.

More on SCAs here.

Hope this helps!
Reply all
Reply to author
Forward
0 new messages