Check: GEN007820
HP-UX 11.31 STIG:
GEN007820
(in versions v1 r19 through v1 r13)
Title
The system must not have IP tunnels configured. (Cat II impact)
Discussion
IP tunneling mechanisms can be used to bypass network filtering.
Check Content
Examine the /etc/rc.config.d/netconf* files for any TUN_ configurations. # cat /etc/rc.config.d/netconf* | tr '\011' ' ' | tr -s ' ' | \ sed -e 's/^[ \t]*//' | grep -v "^#" |grep '^TUN_' If this configuration is found, this is a finding.
Fix Text
Edit the /etc/rc.config.d/netconf* files and remove the tunnel configurations.
Additional Identifiers
Rule ID: SV-26928r1_rule
Vulnerability ID: V-22547
Group Title: GEN007820
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |