
The system must not have IP tunnels configured.


Overview

Finding ID: V-22547
Version: GEN007820
Rule ID: SV-37613r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
IP tunneling mechanisms can be used to bypass network filtering.
STIG: Red Hat Enterprise Linux 5 Security Technical Implementation Guide
Date: 2017-03-01

Details

Check Text (C-36809r1_chk)
Check for any IP tunnels.
# ip tun list
# ip -6 tun list
If any tunnels are listed, this is a finding.

Fix Text (F-31648r1_fix)
Remove the tunnels.
# ip tun del <tunnel name>
Edit system startup scripts to prevent tunnel creation on startup.
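
The check and fix above can be scripted. The following is an added example, not part of the STIG text: it parses the output of the two check commands and searches startup scripts for tunnel-creation commands. The function names, the `--live` switch and the startup script path /etc/rc.d/rc.local are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example for GEN007820; function names are hypothetical, not from the STIG.

# Parse `ip tun list` / `ip -6 tun list` output read from stdin.
# Each tunnel is one line: "<name>: <mode> remote <addr> local <addr> ...".
# Emits "name mode remote local" for every tunnel found.
parse_tunnels() {
    awk '/^[^ :]+: / {
        name = $1; sub(/:$/, "", name); remote = "?"; loc = "?"
        for (i = 3; i < NF; i++) {
            if ($i == "remote") remote = $(i + 1)
            if ($i == "local")  loc = $(i + 1)
        }
        print name, $2, remote, loc
    }'
}

# Print "file:line:text" for startup-script lines that create a tunnel.
# Heuristic: matches `ip [-4|-6] tun|tunl|tunnel add` outside comments only.
find_tunnel_creation() {
    grep -nE '^[^#]*(^|[^[:alnum:]_])ip([[:space:]]+-[46])?[[:space:]]+tun(nel|l)?[[:space:]]+add([[:space:]]|$)' "$@" /dev/null
}

# Live check: returns 1 (finding) if any tunnel is listed or if one of the
# startup scripts passed as arguments creates a tunnel.
audit() {
    rc=0
    tunnels=$( { ip tun list; ip -6 tun list; } 2>/dev/null | parse_tunnels )
    if [ -n "$tunnels" ]; then
        echo "FINDING: tunnels configured:"; echo "$tunnels"; rc=1
    fi
    if hits=$(find_tunnel_creation "$@" 2>/dev/null); then
        echo "FINDING: tunnel created at startup:"; echo "$hits"; rc=1
    fi
    return $rc
}

# Constructed sample of `ip tun list` output (not captured from a real host).
SAMPLE='tunl0: ip/ip remote any local any ttl inherit nopmtudisc
sit1: ipv6/ip remote 192.0.2.1 local 198.51.100.7 ttl 64'

if [ "${1:-}" = "--live" ]; then
    audit /etc/rc.d/rc.local   # assumed startup script path; adjust to the host
    exit $?
fi
printf '%s\n' "$SAMPLE" | parse_tunnels
```

Run with `--live` on the host being assessed; an exit status of 1 means a finding. Without arguments the script only parses the constructed sample.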