Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38546 | RHEL-06-000098 | SV-50347r3_rule | Medium |
Description |
---|
Any unnecessary network stacks - including IPv6 - should be disabled, to reduce the vulnerability to exploitation. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2016-07-22 |
Check Text ( None ) |
---|
None |
Fix Text (F-43494r3_fix) |
---|
To prevent the IPv6 kernel module ("ipv6") from binding to the IPv6 networking stack, add the following line to "/etc/modprobe.d/disabled.conf" (or another file in "/etc/modprobe.d"): options ipv6 disable=1 This permits the IPv6 module to be loaded (and thus satisfy other modules that depend on it), while disabling support for the IPv6 protocol. Or add the following line to "/etc/sysctl.conf" to unhook the module: net.ipv6.conf.all.disable_ipv6 = 1 |