The system must not be configured for network bridging.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22421 | GEN003619 | SV-45738r1_rule | Medium |
| Description |
|---|
| Some systems have the ability to bridge or switch frames (link-layer forwarding) between multiple interfaces. This can be useful in a variety of situations but, if enabled when not needed, has the potential to bypass network partitioning and security. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide | 2018-09-19 |
Details
| Check Text ( C-43101r1_chk ) |
|---|
| Verify the system is not configured for bridging. # ls /proc/sys/net/bridge If the directory exists, this is a finding. # lsmod | grep '^bridge ' If any results are returned, this is a finding. |
| Fix Text (F-39138r1_fix) |
|---|
| Configure the system to not use bridging. # rmmod bridge Edit /etc/modprobe.conf and add a line such as "install bridge /bin/false" to prevent the loading of the bridge module. |