Navigate

Check: GEN005610

Solaris 10 X86 STIG: GEN005610 (in versions v2 r4 through v1 r17)

Title

The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. (Cat II impact)

Discussion

If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.

Check Content

Check if the system is configured for IPv6 forwarding. # ndd /dev/ip6 ip6_forwarding If the value is not 0, this is a finding.

Fix Text

Disable IPv6 forwarding. # ndd -set /dev/ip6 ip6_forwarding 0 Edit startup scripts as necessary; add this command or remove commands setting the value to 1.

Additional Identifiers

Rule ID: SV-220110r603266_rule

Vulnerability ID: V-220110

Group Title: SRG-OS-000480

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings