Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22541 | GEN007700 | SV-45980r1_rule | ECSC-1 | Medium |
Description |
---|
IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2015-01-26 |
Check Text ( C-43262r1_chk ) |
---|
Use the ifconfig command to determine if any network interface has an IPv6 address bound to it: `# /sbin/ifconfig | grep inet6` If any lines are returned that indicate IPv6 is active and the system does not need IPv6, this is a finding. |
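
The check above, as an added example that is not part of the STIG text: it reads `ifconfig` output and reports which interface each `inet6` line belongs to, which the bare `grep` does not show (the loopback `::1` counts as a returned line too). The function names and the sample output are constructed for illustration, and the parser also accepts the newer net-tools line layout, which goes beyond the SLES 11 case.

```shell
#!/bin/sh
# Added example: map each inet6 line of `ifconfig` output (read on stdin)
# back to its interface. Function names are hypothetical.
ipv6_bound_interfaces() {
    awk '
        # A stanza starts in column 1; its detail lines are indented.
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
        # Classic net-tools: "inet6 addr: fe80::1/64 Scope:Link"
        # Newer net-tools:   "inet6 fe80::1  prefixlen 64  scopeid 0x20<link>"
        $1 == "inet6" {
            addr = ($2 == "addr:") ? $3 : $2
            print iface, addr
        }
    '
}

# Returns 1 and prints the bound addresses when any interface has IPv6,
# 0 otherwise. Whether the system needs IPv6 remains a reviewer decision.
check_gen007700() {
    bound=$(ipv6_bound_interfaces)
    if [ -n "$bound" ]; then
        printf '%s\n' "$bound"
        return 1
    fi
    return 0
}

# Constructed sample output (documentation addresses, not from a real host).
sample_output() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::ff:fe00:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
EOF
}

# On a real host: /sbin/ifconfig | check_gen007700
sample_output | check_gen007700 || echo "IPv6 is bound: finding unless the system needs IPv6"
```
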
Fix Text (F-39345r2_fix) |
---|
Remove the capability to use the IPv6 protocol handler. Procedure: Update the variable “IPV6_DISABLE” using YaST in the /etc/sysconfig editor under the ‘System’ > ‘Kernel’ tree. Setting this variable to “YES” deactivates IPv6 at boot time. Reboot the system to implement the change. NOTE: This change may affect other software products that have their own IPv6 configuration settings. |