Navigate

Check: RHEL-06-000103

Red Hat Enterprise Linux 6 STIG: RHEL-06-000103 (in versions v2 r2 through v1 r14)

Title

The system must employ a local IPv6 firewall. (Cat II impact)

Discussion

The "ip6tables" service provides the system's host-based firewalling capability for IPv6 and ICMPv6.

Check Content

If the system is a cross-domain system, this is not applicable. If IPv6 is disabled, this is not applicable. Run the following command to determine the current status of the "ip6tables" service: # service ip6tables status If the service is not running, it should return the following: ip6tables: Firewall is not running. If the service is not running, this is a finding.

Fix Text

The "ip6tables" service can be enabled with the following commands: # chkconfig ip6tables on # service ip6tables start

Additional Identifiers

Rule ID: SV-217927r603264_rule

Vulnerability ID: V-217927

Group Title: SRG-OS-000480

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.
CCI-001118	The information system implements host-based boundary protection mechanisms for servers, workstations, and mobile devices.
CCI-002406	The organization implements organization-defined host-based boundary protection mechanisms at organization-defined information system components.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings
SC-7 (12)	Host-Based Protection