Navigate

Check: RHEL-06-000116

Red Hat Enterprise Linux 6 STIG: RHEL-06-000116 (in versions v2 r2 through v1 r14)

Title

The operating system must connect to external networks or information systems only through managed IPv4 interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. (Cat II impact)

Discussion

The "iptables" service provides the system's host-based firewalling capability for IPv4 and ICMP.

Check Content

If the system is a cross-domain system, this is not applicable. Run the following command to determine the current status of the "iptables" service: # service iptables status If the service is not running, it should return the following: iptables: Firewall is not running. If the service is not running, this is a finding.

Fix Text

The "iptables" service can be enabled with the following commands: # chkconfig iptables on # service iptables start

Additional Identifiers

Rule ID: SV-217931r603264_rule

Vulnerability ID: V-217931

Group Title: SRG-OS-000480

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.
CCI-001098	The information system connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings
SC-7	Boundary Protection