Check: GEN005610
Solaris 9 X86 STIG:
GEN005610
(in version v1 r9)
Title
The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. (Cat II impact)
Discussion
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.
Check Content
Check if the system is configured for IPv6 forwarding. # ndd /dev/ip6 ip6_forwarding If the value is not 0, this is a finding.
Fix Text
Disable IPv6 forwarding. # ndd -set /dev/ip6 ip6_forwarding 0 Edit startup scripts as necessary; add this command or remove commands setting the value to 1.
Additional Identifiers
Rule ID: SV-26810r1_rule
Vulnerability ID: V-22491
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |