GEN007820 - The system must not have IP tunnels configured - '/sbin/ip -6 tun list'

Information

IP tunneling mechanisms can be used to bypass network filtering.

Solution

Remove the tunnels.
# ip tun del <tunnel>
Edit system startup scripts to prevent tunnel creation on startup.

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Group-ID|V-22547, Rule-ID|SV-37613r1_rule, STIG-ID|GEN007820, Vuln-ID|V-22547

Plugin: Unix

Control ID: 4e30bf73725c5cb2b680e11a48ecfddb9a298114e4044b1f7855af6d85e979b8