Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IPv6 protocol handler must not be bound to the network stack unless needed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22541 | GEN007700 | SV-42321r1_rule | ECSC-1 | Medium |
| Description |
|---|
| IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host. |
| STIG | Date |
|---|---|
| SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Details
| Check Text ( C-40653r2_chk ) |
|---|
| Ask the SA if the system is on an IPv6 network. If so, this is not applicable. Verify there are no IPv6 addresses bound to network interfaces. # ifconfig -a6 If there are any IPv6 addresses bound to network interfaces, this is a finding. Verify the IPv6 Neighbor Discovery Protocol (NDP) daemon is not running. # ps -ef | grep in.ndp If the NDP daemon is running, this is a finding. |
| Fix Text (F-35955r1_fix) |
|---|
| Disable the IPv6 Neighbor Discovery Protocol daemon. # svcadm disable ndp Remove all IPv6 addresses from network interfaces. Perform the following for every interface with an IPv6 address bound to it. # ifconfig < interface > inet6 down unplumb Remove all IPv6 network interface configuration. # rm /etc/hostname6.* |