Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The SLES for vRealize must not have 6to4 enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89683 | VRAU-SL-000660 | SV-100333r1_rule | Medium |
| Description |
|---|
| 6to4 is an IPv6 transition mechanism that involves tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-89375r1_chk ) |
|---|
| Check the SLES for vRealize for any active "6to4" tunnels without specific remote addresses: # ip tun list | grep "remote any" | grep "ipv6/ip" If any results are returned the "tunnel" is the first field. If any results are returned, this is a finding. |
| Fix Text (F-96425r1_fix) |
|---|
| Disable the active 6to4 tunnel: # ip link set Add this command to a startup script, or remove the configuration creating the tunnel. |