Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-72317 | RHEL-07-040820 | SV-86941r1_rule | Medium |
Description |
---|
IP tunneling mechanisms can be used to bypass network filtering. If tunneling is required, it must be documented with the Information System Security Officer (ISSO). |
STIG | Date |
---|---|
Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2017-07-08 |
Check Text ( C-72551r1_chk ) |
---|
Verify the system does not have unauthorized IP tunnels configured. Check to see if "libreswan" is installed with the following command: # yum list installed libreswan openswan-2.6.32-27.el6.x86_64 If "libreswan" is installed, check to see if the "IPsec" service is active with the following command: # systemctl status ipsec ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled) Active: inactive (dead) If the "IPsec" service is active, check to see if any tunnels are configured in "/etc/ipsec.conf" and "/etc/ipsec.d/" with the following commands: # grep -i conn /etc/ipsec.conf conn mytunnel # grep -i conn /etc/ipsec.d/*.conf conn mytunnel If there are indications that a "conn" parameter is configured for a tunnel, ask the System Administrator if the tunnel is documented with the ISSO. If "libreswan" is installed, "IPsec" is active, and an undocumented tunnel is active, this is a finding. |
Fix Text (F-78671r1_fix) |
---|
Remove all unapproved tunnels from the system, or document them with the ISSO. |