Check: AIX7-00-002066
IBM AIX 7.x STIG:
AIX7-00-002066
(in versions v2 r9 through v1 r1)
Title
AIX must not have IP forwarding for IPv6 enabled unless the system is an IPv6 router. (Cat II impact)
Discussion
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.
Check Content
From the command prompt, run the following command: # /usr/sbin/no -o ip6forwarding ip6forwarding = 0 If the value returned is not "0", this is a finding.
Fix Text
Disable IPv6 forwarding on the system: # /usr/sbin/no -p -o ip6forwarding=0
Additional Identifiers
Rule ID: SV-215265r508663_rule
Vulnerability ID: V-215265
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |