Navigate

Check: RHEL-06-000106

Red Hat Enterprise Linux 6 STIG: RHEL-06-000106 (in versions v2 r2 through v1 r14)

Title

The operating system must connect to external networks or information systems only through managed IPv6 interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. (Cat II impact)

Discussion

The "ip6tables" service provides the system's host-based firewalling capability for IPv6 and ICMPv6.

Check Content

If the system is a cross-domain system, this is not applicable. If IPV6 is disabled, this is not applicable. Run the following command to determine the current status of the "ip6tables" service: # service ip6tables status If the service is not running, it should return the following: ip6tables: Firewall is not running. If the service is not running, this is a finding.

Fix Text

The "ip6tables" service can be enabled with the following commands: # chkconfig ip6tables on # service ip6tables start

Additional Identifiers

Rule ID: SV-217928r603264_rule

Vulnerability ID: V-217928

Group Title: SRG-OS-000480

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.
CCI-001098	The information system connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings
SC-7	Boundary Protection