Detections
Analytics
GEN003619 - The system must not be configured for network bridging.
Information
Some systems have the ability to bridge or switch frames (link-layer forwarding) between multiple interfaces. This can be useful in a variety of situations but, if enabled when not needed, has the potential to bypass network partitioning and security.Solution
Configure the system to not use bridging.# rmmod bridge
Edit /etc/modprobe.conf and add a line such as 'install bridge /bin/false' to prevent the loading of the bridge module.
See Also
http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip
Item Details
Category: ACCESS CONTROL
References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Group-ID|V-22421, Rule-ID|SV-37639r1_rule, STIG-ID|GEN003619, Vuln-ID|V-22421
Plugin: Unix
Control ID: 4f7754f8eaca40fb5297c06483316ac80a4da1fa4e91fbd9bd80bdbf43b4fde1