Check: GEN005610
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN005610
(in versions v1 r14 through v1 r10)
Title
The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. (Cat II impact)
Discussion
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.
Check Content
# /usr/sbin/no -o ip6forwarding If the value returned is 1, this is a finding.
Fix Text
Disable IPv6 forwarding on the system. # /usr/sbin/no -p -o ip6forwarding=0
Additional Identifiers
Rule ID: SV-38822r1_rule
Vulnerability ID: V-22491
Group Title: GEN005610
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |