Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22541 | GEN007700 | SV-63431r1_rule | ECSC-1 | Medium |
Description |
---|
IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-03-26 |
Check Text (C-52137r1_chk) |
---|
If the IPv6 protocol handler is bound to the network stack, and the system does not need IPv6, this is a finding. |

Check the setting with:

    # grep NETWORKING_IPV6 /etc/sysconfig/network

If the line is set to "yes", this is a finding.
Fix Text (F-54041r2_fix) |
---|
Remove the capability to use the IPv6 protocol handler. |

Procedure:

1. Edit `/etc/sysconfig/network` and change `NETWORKING_IPV6=yes` to `NETWORKING_IPV6=no`.
2. Edit `/etc/modprobe.conf` and add these lines (if they are not already in it):

        alias net-pf-10 off
        alias ipv6 off

3. Stop the ip6tables service by typing: `service ip6tables stop`
4. Disable the ip6tables service by typing: `chkconfig ip6tables off`
5. Remove the ipv6 kernel module: `# rmmod ipv6`
6. Reboot.
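The check and the modprobe part of the fix above, as an added audit script that is not part of the STIG text: it reproduces the `NETWORKING_IPV6` check against a sysconfig file passed as a parameter and verifies the two `alias ... off` lines, using constructed sample files in place of the live `/etc` files.

```sh
#!/bin/sh
# Added audit helper for GEN007700 (example code, not part of the STIG text).
# check_ipv6_binding reproduces the Check Text: it reads a sysconfig network
# file and reports "finding" when NETWORKING_IPV6 is set to yes.
# check_modprobe_aliases verifies the two modprobe.conf lines the Fix Text adds.
# File paths are parameters so the script can be exercised against constructed
# sample files instead of the live /etc files.

# Usage: check_ipv6_binding FILE  -> prints finding|compliant, exit 1 on a finding
check_ipv6_binding() {
    # Drop comments, keep the last NETWORKING_IPV6 assignment (the file is
    # sourced by the init scripts, so a later line overrides an earlier one),
    # then strip whitespace and quotes around the value and lower-case it.
    val=$(sed 's/#.*//' "$1" \
          | grep -E '^[[:space:]]*NETWORKING_IPV6[[:space:]]*=' | tail -n 1 \
          | sed -e 's/^[^=]*=//' -e "s/[[:space:]\"']//g" | tr 'A-Z' 'a-z')
    if [ "$val" = "yes" ]; then
        echo "finding"      # IPv6 handler is bound to the stack
        return 1
    fi
    echo "compliant"        # set to no, or the line is absent
    return 0
}

# Usage: check_modprobe_aliases FILE -> exit 0 only if both "off" aliases exist
check_modprobe_aliases() {
    grep -Eq '^[[:space:]]*alias[[:space:]]+net-pf-10[[:space:]]+off[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*alias[[:space:]]+ipv6[[:space:]]+off[[:space:]]*$' "$1"
}

# Constructed sample files standing in for /etc/sysconfig/network and
# /etc/modprobe.conf on a non-compliant host and on a remediated host.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
NET_BAD="$SAMPLE_DIR/network.bad"
NET_GOOD="$SAMPLE_DIR/network.good"
MODPROBE_GOOD="$SAMPLE_DIR/modprobe.conf"
printf 'NETWORKING=yes\nNETWORKING_IPV6="YES"\nHOSTNAME=host.example\n' > "$NET_BAD"
printf 'NETWORKING=yes\n# NETWORKING_IPV6=yes (commented out)\nNETWORKING_IPV6=no\n' > "$NET_GOOD"
printf 'alias eth0 e1000\nalias net-pf-10 off\nalias ipv6 off\n' > "$MODPROBE_GOOD"

check_ipv6_binding "$NET_BAD"  || echo "$NET_BAD: GEN007700 is a finding"
check_ipv6_binding "$NET_GOOD" && echo "$NET_GOOD: not a finding"
check_modprobe_aliases "$MODPROBE_GOOD" && echo "modprobe.conf: ipv6 off aliases present"
```

On a real host, pass `/etc/sysconfig/network` and `/etc/modprobe.conf`; a value of `yes` in any letter case or quoting style is reported as a finding, matching what the init scripts would accept.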