Check: GEN003619
SUSE Linux Enterprise Server v11 for System z STIG:
GEN003619
(in versions v1 r12 through v1 r9)
Title
The system must not be configured for network bridging. (Cat II impact)
Discussion
Some systems have the ability to bridge or switch frames (link-layer forwarding) between multiple interfaces. This can be useful in a variety of situations but, if enabled when not needed, has the potential to bypass network partitioning and security.
Check Content
Verify the system is not configured for bridging.

# ls /proc/sys/net/bridge

If the directory exists, this is a finding.

# lsmod | grep '^bridge '

If any results are returned, this is a finding.
Fix Text
Configure the system to not use bridging.

# rmmod bridge

Edit /etc/modprobe.conf and add a line such as "install bridge /bin/false" to prevent the loading of the bridge module.

Note that rmmod fails with "Module bridge is in use" while any bridge device (for example br0) still exists; bring such devices down and delete them first (brctl delbr), and remove any persistent bridge definition under /etc/sysconfig/network so ifup does not recreate the bridge at the next boot. The "install" line is what makes the fix persistent: without it a later modprobe or a bridge-enabled ifcfg file will reload the module.
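The check and the persistence part of the fix above can be scripted. The following is an added example, not DISA's own check script: it reads lsmod output and the modprobe configuration from files (or stdin) so the logic can be exercised against captured data, and the paths, the sample lsmod text and the helper names are assumptions for illustration. The remediation function assumes root and the standard brctl/rmmod tools.

```shell
#!/bin/sh
# Added example for GEN003619 (not DISA's script). POSIX sh.

# Check 2 from the STIG: the module name is the first whitespace-delimited
# field of lsmod output. Reads lsmod-style text on stdin; true if "bridge" is listed.
bridge_module_loaded() {
    grep -q '^bridge[[:space:]]'
}

# Check 1 from the STIG: the /proc/sys/net/bridge sysctl tree is registered
# only while the bridge module is loaded. Directory path is a parameter so it
# can be pointed at test data.
bridge_procdir_present() {
    [ -d "${1:-/proc/sys/net/bridge}" ]
}

# Persistence check: does the modprobe configuration (text on stdin) already
# stub out the module? Accepts "install bridge /bin/false" (the STIG wording)
# or the equally common /bin/true, with arbitrary whitespace.
bridge_install_blocked() {
    grep -Eq '^[[:space:]]*install[[:space:]]+bridge[[:space:]]+/bin/(false|true)([[:space:]]|$)'
}

# Combined verdict. Args: lsmod_output_file procdir modprobe_conf_file
# Prints FINDING lines and returns 1 on a finding, 0 when clean.
gen003619_check() {
    lsmod_file=$1; procdir=$2; conf=$3
    status=0
    if bridge_procdir_present "$procdir"; then
        echo "FINDING: $procdir exists (bridge module loaded)"
        status=1
    fi
    if bridge_module_loaded < "$lsmod_file"; then
        echo "FINDING: bridge module listed in lsmod"
        status=1
    fi
    if ! bridge_install_blocked < "$conf"; then
        echo "NOTE: no 'install bridge /bin/false' in $conf; module can be reloaded by modprobe or ifup"
    fi
    [ "$status" -eq 0 ] && echo "NOT A FINDING"
    return "$status"
}

# Remediation (root required; not exercised by the checks above). rmmod fails
# with "Module bridge is in use" while any bridge device exists, so bridge
# devices (those with a bridge/ attribute directory in sysfs) are torn down first.
gen003619_fix() {
    conf=${1:-/etc/modprobe.conf}
    for dev in /sys/class/net/*; do
        [ -d "$dev/bridge" ] || continue
        br=$(basename "$dev")
        ip link set "$br" down
        brctl delbr "$br"
    done
    lsmod | grep -q '^bridge[[:space:]]' && rmmod bridge
    grep -Eq '^[[:space:]]*install[[:space:]]+bridge[[:space:]]' "$conf" || \
        echo 'install bridge /bin/false' >> "$conf"
}

# Live use on the target (capture lsmod to a file first, since the check
# function reads from a file):
#   lsmod > /tmp/lsmod.out
#   gen003619_check /tmp/lsmod.out /proc/sys/net/bridge /etc/modprobe.conf
```

The check deliberately reports the missing "install" line as a note rather than a finding, because the STIG's check content only tests the running state; the note flags that the finding will recur after reboot unless the modprobe configuration is fixed as well.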
Additional Identifiers
Rule ID: SV-45738r1_rule
Vulnerability ID: V-22421
Group Title: GEN003619
Expert Comments
CCIs
Number | Definition
---|---
CCI-001551 | The organization defines approved authorizations for controlling the flow of information between interconnected systems.
Controls
Number | Title
---|---
AC-4 | Information Flow Enforcement