UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IPv6 protocol handler must not be bound to the network stack unless needed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38546 RHEL-06-000098 SV-50347r2_rule Medium
Description
Any unnecessary network stacks - including IPv6 - should be disabled, to reduce the vulnerability to exploitation.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-09-09

Details

Check Text ( None )
None
Fix Text (F-43494r2_fix)
To prevent the IPv6 kernel module ("ipv6") from binding to the IPv6 networking stack, add the following line to "/etc/modprobe.d/disabled.conf" (or another file in "/etc/modprobe.d"):

options ipv6 disable=1

This permits the IPv6 module to be loaded (and thus satisfy other modules that depend on it), while disabling support for the IPv6 protocol.