Check: GEN007820
HP-UX 11.23 STIG:
GEN007820
(in version v1 r8)
Title
The system must not have IP tunnels configured. (Cat II impact)
Discussion
IP tunneling mechanisms can be used to bypass network filtering.
Check Content
Examine the /etc/rc.config.d/netconf* files for any TUN_ configurations. # cat /etc/rc.config.d/netconf* | tr '\011' ' ' | tr -s ' ' | \ sed -e 's/^[ \t]*//' | grep -v "^#" |grep '^TUN_' If this configuration is found, this is a finding.
Fix Text
Edit the /etc/rc.config.d/netconf* files and remove the tunnel configurations.
Additional Identifiers
Rule ID: SV-26928r1_rule
Vulnerability ID: V-22547
Group Title: GEN007820
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |