Check: GEN005610
HP-UX 11.23 STIG:
GEN005610
(in version v1 r8)
Title
The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. (Cat II impact)
Discussion
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.
Check Content
Check if the system is configured for IPv6 forwarding. # ndd -get /dev/ip6 ip6_forwarding If ip6_forwarding is set to 1, this is a finding.
Fix Text
Disable IPv6 forwarding: # ndd -set /dev/ip6 ip6_forwarding 0 Edit /etc/rc.config.d/nddconf: TRANSPORT_NAME[index]=ip6 NDD_NAME[index]=ip6_forwarding NDD_VALUE[index]=0 Where: index is the next available integer value of the nddconf file. n is a number: either 1 to turn the feature ON or 0 to turn it OFF.
Additional Identifiers
Rule ID: SV-26811r1_rule
Vulnerability ID: V-22491
Group Title: GEN005610
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |