The IPv6 protocol handler must not be bound to the network stack unless needed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-38546 | RHEL-06-000098 | SV-50347r2_rule | Medium |
| Description |
|---|
| Any unnecessary network stacks - including IPv6 - should be disabled, to reduce the vulnerability to exploitation. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2015-09-09 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-43494r2_fix) |
|---|
| To prevent the IPv6 kernel module ("ipv6") from binding to the IPv6 networking stack, add the following line to "/etc/modprobe.d/disabled.conf" (or another file in "/etc/modprobe.d"): options ipv6 disable=1 This permits the IPv6 module to be loaded (and thus satisfy other modules that depend on it), while disabling support for the IPv6 protocol. |