Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22541 | GEN007700 | SV-38918r1_rule | ECSC-1 | Medium |
Description |
---|
IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host. |
STIG | Date |
---|---|
Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Check Text ( C-37907r1_chk ) |
---|
AIX comes with the IPv6 protocol handler installed and active. The only configured IPv6 address is on the loopback (localhost) adapter. Check whether any other interfaces have active IPv6 addresses. `# ifconfig -a` If any IPv6 addresses are configured on network interfaces other than loopback and IPv6 is not needed, this is a finding. |
Fix Text (F-33165r1_fix) |
---|
Unbind the IPv6 protocol handler from the network stack. Edit /etc/rc.tcpip and comment out autoconf6 to prevent IPv6 from starting automatically. Unconfigure IPv6 addresses from interfaces not used, using smit. `# smit chinet6` |
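
The check and fix above can be scripted as follows. This is an added example, not part of the STIG text: the function names are hypothetical, and the sample `ifconfig -a` and `/etc/rc.tcpip` content is constructed in the usual AIX layout rather than captured from a real host.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not from a real host.

# Reads `ifconfig -a` output on stdin; prints "iface address" for every
# inet6 address bound to an interface whose flags lack LOOPBACK.
ipv6_nonloopback_ifaces() {
    awk '
        /^[^ \t]/ {                      # unindented line = interface header
            iface = $1; sub(/:$/, "", iface)
            loopback = ($0 ~ /[<,]LOOPBACK[,>]/)
            next
        }
        $1 == "inet6" && !loopback { print iface, $2 }
    '
}

# Reads rc.tcpip content on stdin; exit status 0 means an uncommented
# line still references autoconf6 (IPv6 will auto start at boot).
autoconf6_enabled() {
    grep -v '^[[:space:]]*#' | grep -q 'autoconf6'
}

SAMPLE_IFCONFIG='en0: flags=1e080863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        inet6 fe80::1234:56ff:fe78:9abc/64
en1: flags=1e080863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
        inet 198.51.100.7 netmask 0xffffff00 broadcast 198.51.100.255
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
        inet6 ::1%1/0'

SAMPLE_RC_TCPIP='start /usr/sbin/syslogd "$src_running"
#start /usr/sbin/autoconf6 ""'

# Demo on the constructed samples. On a host, feed real data instead:
#   ifconfig -a | ipv6_nonloopback_ifaces
#   autoconf6_enabled < /etc/rc.tcpip
findings=$(printf '%s\n' "$SAMPLE_IFCONFIG" | ipv6_nonloopback_ifaces)
if [ -n "$findings" ]; then
    printf 'FINDING (IPv6 on non-loopback interface): %s\n' "$findings"
fi
if printf '%s\n' "$SAMPLE_RC_TCPIP" | autoconf6_enabled; then
    echo 'FINDING: autoconf6 is still started from rc.tcpip'
fi
```

Loopback is identified by the `LOOPBACK` interface flag rather than by the name `lo0`, so the loopback `::1` address is never reported.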