
The system must not be configured for network bridging.


Overview

Finding ID   Version     Rule ID           IA Controls   Severity
V-22421      GEN003619   SV-64213r1_rule                 Medium
Description
Some systems have the ability to bridge or switch frames (link-layer forwarding) between multiple interfaces. This can be useful in a variety of situations but, if enabled when not needed, has the potential to bypass network partitioning and security.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2020-02-25

Details

Check Text ( C-52669r1_chk )
Verify the system is not configured for bridging.
# ls /proc/sys/net/bridge
If the directory exists, this is a finding.
# lsmod | grep '^bridge '
If any results are returned, this is a finding.

Fix Text (F-54823r1_fix)
Configure the system to not use bridging.
# rmmod bridge
Edit /etc/modprobe.conf and add a line such as "install bridge /bin/false" to prevent the loading of the bridge module.
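The check and fix above are written as commands to be typed by hand. As an added example (not part of the STIG text), the POSIX shell script below puts both into functions so the check can be run against the live host or against constructed inputs, and so the modprobe line from the fix is appended only when it is not already present. The function names, the optional arguments (a directory to test instead of /proc/sys/net/bridge, an lsmod listing passed as a string, a file path instead of /etc/modprobe.conf) and the sample lsmod lines at the bottom are my own assumptions for illustration.

```shell
#!/bin/sh
# GEN003619 / V-22421: detect and block link-layer bridging.

# check_bridge_dir [DIR]: the STIG's first test. Returns 1 (finding) if the
# bridge sysctl directory exists, 0 otherwise. DIR defaults to the real path.
check_bridge_dir() {
    dir="${1:-/proc/sys/net/bridge}"
    if [ -d "$dir" ]; then
        echo "FINDING: $dir exists (bridging support is present)"
        return 1
    fi
    return 0
}

# check_bridge_module [LSMOD_OUTPUT]: the STIG's second test. If an argument
# is given it is treated as lsmod output (used for the constructed samples
# below); otherwise lsmod is run. Returns 1 (finding) if the module named
# exactly "bridge" is loaded. The anchored pattern '^bridge ' avoids matching
# other modules whose names merely start with "bridge".
check_bridge_module() {
    if [ $# -gt 0 ]; then
        listing="$1"
    else
        listing=$(lsmod 2>/dev/null)
    fi
    if printf '%s\n' "$listing" | grep -q '^bridge '; then
        echo "FINDING: bridge module is loaded"
        return 1
    fi
    return 0
}

# check_bridging: run both tests against this host; 1 if either is a finding.
check_bridging() {
    status=0
    check_bridge_dir || status=1
    check_bridge_module || status=1
    return $status
}

# bridge_install_line_present FILE: 0 if FILE already carries the
# "install bridge /bin/false" line the fix text calls for.
bridge_install_line_present() {
    [ -f "$1" ] && \
        grep -q '^install[[:space:]][[:space:]]*bridge[[:space:]][[:space:]]*/bin/false' "$1"
}

# block_bridge_module FILE: append the install line unless it is already
# there, so repeated runs do not duplicate it. On Oracle Linux 5 the FILE
# would be /etc/modprobe.conf; unloading with "rmmod bridge" is left to the
# administrator because it needs root and should follow the edit.
block_bridge_module() {
    if bridge_install_line_present "$1"; then
        return 0
    fi
    printf 'install bridge /bin/false\n' >> "$1"
}

# Constructed lsmod samples (not captured from a real host) showing the
# difference between a finding and a near miss.
SAMPLE_LOADED='bridge 123456 0
stp 1234 1 bridge'
SAMPLE_CLEAN='ext3 123456 2
bridgefw_dummy 1234 0'

# Read-only check of the host this script runs on.
if check_bridging; then
    echo "Not a finding: bridging is not configured on this host"
fi
```

Run the script as-is for the two read-only checks; to apply the fix, call `block_bridge_module /etc/modprobe.conf` as root and then `rmmod bridge`, mirroring the order the fix text gives.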