Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22421 | GEN003619 | SV-45738r1_rule | Medium |
Description |
---|
Some systems have the ability to bridge or switch frames (link-layer forwarding) between multiple interfaces. This can be useful in a variety of situations but, if enabled when not needed, has the potential to bypass network partitioning and security. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide | 2018-09-19 |
Check Text ( C-43101r1_chk ) |
---|
Verify the system is not configured for bridging. # ls /proc/sys/net/bridge If the directory exists, this is a finding. # lsmod | grep '^bridge ' If any results are returned, this is a finding. |
Fix Text (F-39138r1_fix) |
---|
Configure the system to not use bridging. # rmmod bridge Edit /etc/modprobe.conf and add a line such as "install bridge /bin/false" to prevent the loading of the bridge module. |