Detections
Analytics
GEN007820 - The system must not have IP tunnels configured - 'lstun -a'
Information
IP tunneling mechanisms can be used to bypass network filtering.Solution
Remove the configuration for any IP tunnels from the system.Remove tunnels listed with the lstun command.
#rmtun -t <Tunnel id> -d
Remove the tunneled IP interfaces.
#ifconfig <if name> detach
#rmdev -Rdl <if name>
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-7(7), CAT|II, CCI|CCI-001551, Rule-ID|SV-38929r1_rule, STIG-ID|GEN007820, Vuln-ID|V-22547
Plugin: Unix
Control ID: 8cf33e80d892b9a5422d1a51903cb299c9c6e0cebfd6f7d0ac144534c41a8816