Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22541 | GEN007700 | SV-38918r1_rule | ECSC-1 | Medium |
Description |
---|
IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2013-03-26 |
Check Text (C-37907r1_chk) |
---|
AIX comes with the IPv6 protocol handler installed and active. The only configured IPv6 address is on the loopback (localhost) adapter. Check whether any other interfaces have active IPv6 addresses: `# ifconfig -a`. If any IPv6 addresses are configured on any network interfaces other than loopback and IPv6 is not needed, this is a finding. |
Fix Text (F-33165r1_fix) |
---|
Unbind the IPv6 protocol handler from the network stack. Edit /etc/rc.tcpip and comment out autoconf6 to prevent IPv6 from starting automatically. Use smit to unconfigure IPv6 addresses from interfaces not used: `# smit chinet6` |
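
The check and the rc.tcpip part of the fix can be scripted. The following is an added example, not part of the STIG text: the function names `ipv6_findings`, `autoconf6_enabled` and `sample_ifconfig` are hypothetical, and the embedded interface listing is constructed sample data in the layout of AIX `ifconfig -a` output.

```shell
#!/bin/sh
# Added example (not STIG text). On AIX: ifconfig -a | ipv6_findings

# Print "<interface> <address>" for each inet6 address bound to a
# non-loopback interface; no output means nothing to report for the check.
ipv6_findings() {
    awk '
        # Interface header starts in column 1, e.g. "en0: flags=...<UP,...>"
        /^[A-Za-z][A-Za-z0-9]*: / {
            iface = $1
            sub(/:$/, "", iface)
            loopback = ($0 ~ /[<,]LOOPBACK[,>]/)
            next
        }
        # Indented address lines belong to the most recent header.
        $1 == "inet6" && iface != "" && !loopback { print iface, $2 }
    '
}

# Succeed (exit 0) if the rc.tcpip file given as $1 still has an
# uncommented line that mentions autoconf6.
autoconf6_enabled() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'autoconf6'
}

# Constructed sample in the layout of AIX `ifconfig -a` output.
sample_ifconfig() {
    cat <<'EOF'
en0: flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        inet6 fe80::a00:5aff:fe00:1/64
en1: flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
        inet 198.51.100.7 netmask 0xffffff00 broadcast 198.51.100.255
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
        inet6 ::1/0
EOF
}

sample_ifconfig | ipv6_findings   # en0 fe80::a00:5aff:fe00:1/64
```

Any line printed by `ipv6_findings` is an interface to review against the check text; `autoconf6_enabled /etc/rc.tcpip` succeeding means autoconf6 has not yet been commented out.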