GEN007820 - The system must not have IP tunnels configured - 'lstun -a'

Information

IP tunneling mechanisms can be used to bypass network filtering.

Solution

Remove the configuration for any IP tunnels from the system.

Remove tunnels listed with the lstun command.
# rmtun -t <Tunnel id> -d

Remove the tunneled IP interfaces.
# ifconfig <if name> detach
# rmdev -Rdl <if name>

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Group-ID|V-22547, Rule-ID|SV-38929r1_rule, STIG-ID|GEN007820, Vuln-ID|V-22547

Plugin: Unix

Control ID: 9cc9f814d554fd099fb1d886a4239633383e35db137341717bf271e40a165b4d