RHEL, CSA, & IPv6 Weirdness

01/12/10

Permalink 09:07:50 am, by Fred Parks, 432 words
Categories: Cisco Security Agent

Recently, I was tuning events in a CSA Management Center (version 6.01.117) coming from a new RHEL5 server and I noticed something odd. Network Access Control rules that were triggering events on the RHEL box were showing IPv6 addresses in the event details even though IPv6 was not in use in this environment. Specifically, the machines initiating the network connections targeted at the RHEL box didn't even have the IPv6 protocol loaded, but CSA was still sending back the event with both an IPv6 source and host address. Another odd thing was that there were existing allow rules in place that should have allowed the network traffic through based on IPv4 addressing, but the agent appeared to ignore those allow rules.

Upon further research, I found that even though the /etc/sysconfig/network file did have the NETWORKING_IPV6=no setting in it, the IPv6 module was still being loaded by the system. I found a more thorough way of disabling IPv6 on the Red Hat knowledgebase site. After following the instructions below and rebooting the system, my rules started functioning as normal and no more weirdness ensued.

Check out Red Hat KB Article DOC-8711 for more details. Below is an excerpt from that article.

Disabling IPv6 Support Red Hat Enterprise Linux 5
If the following line exists in the /etc/modprobe.conf file, remove it:

alias net-pf-10 ipv6

Add the following line to the /etc/modprobe.conf file:

alias net-pf-10 off

In versions of Red Hat Enterprise Linux before 5.4, add the following line to the /etc/modprobe.conf file:

alias ipv6 off

In Red Hat Enterprise Linux 5.4 and later, add the following line to the /etc/modprobe.conf file:

options ipv6 disable=1

To prevent errors during the network initscript start routine, change the NETWORKING_IPV6 parameter in the /etc/sysconfig/network file to the following:

NETWORKING_IPV6=no

For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:

chkconfig ip6tables off

Once both the alias net-pf-10 off and alias ipv6 off lines are present in the /etc/modprobe.conf file and NETWORKING_IPV6=no is set in the /etc/sysconfig/network file, reboot the system to disable IPv6 support.


Re-enabling IPv6 Support Red Hat Enterprise Linux 5
To re-enable IPv6 on Red Hat Enterprise Linux 5 systems, remove the following lines from the /etc/modprobe.conf file:

alias net-pf-10 off

alias ipv6 off

Set the following parameter in the /etc/sysconfig/network file:

NETWORKING_IPV6=yes

Re-enable ip6tables by issuing the following command:

chkconfig ip6tables on

You must reboot the system to activate IPv6 support.
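To rehearse the article's edits on copies of the two files before touching /etc on a real host, here is an added shell example (not code from the post or from the Red Hat article). The file-path and RHEL 5 minor-release arguments are my own choices; the post-reboot check uses the kernel's /proc/net/if_inet6, which only exists while the ipv6 module is loaded, so it exposes the situation the post describes where NETWORKING_IPV6=no alone left the module active.

```shell
#!/bin/sh
# Added example: applies the DOC-8711 settings to the files passed in, so it
# can be run against copies first (e.g. cp /etc/modprobe.conf /tmp/ and test).

# disable_ipv6_modprobe FILE MINOR
#   FILE  : a modprobe.conf (copy or /etc/modprobe.conf)
#   MINOR : RHEL 5 minor release; <4 uses "alias ipv6 off",
#           4 and later use "options ipv6 disable=1"
disable_ipv6_modprobe() {
    file=$1; minor=$2
    tmp="$file.tmp.$$"
    # Drop the line the article removes plus any earlier copy of the lines
    # we add, so re-running the function leaves exactly one of each.
    grep -v -e '^alias net-pf-10 ipv6$' -e '^alias net-pf-10 off$' \
            -e '^alias ipv6 off$' -e '^options ipv6 disable=1$' \
            "$file" > "$tmp" || true   # grep -v exits 1 when nothing remains
    echo 'alias net-pf-10 off' >> "$tmp"
    if [ "$minor" -lt 4 ]; then
        echo 'alias ipv6 off' >> "$tmp"
    else
        echo 'options ipv6 disable=1' >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# set_networking_ipv6 FILE yes|no : replace (or add) NETWORKING_IPV6 in a
# sysconfig/network file, keeping every other setting untouched.
set_networking_ipv6() {
    file=$1; value=$2
    tmp="$file.tmp.$$"
    grep -v '^NETWORKING_IPV6=' "$file" > "$tmp" || true
    echo "NETWORKING_IPV6=$value" >> "$tmp"
    mv "$tmp" "$file"
}

# ipv6_disabled_in FILE : succeed when the modprobe.conf carries the
# net-pf-10 line and one of the two module-disable forms.
ipv6_disabled_in() {
    grep -q '^alias net-pf-10 off$' "$1" &&
    { grep -q '^alias ipv6 off$' "$1" || grep -q '^options ipv6 disable=1$' "$1"; }
}

# ipv6_module_loaded : live-host check to run after the reboot. The kernel
# registers /proc/net/if_inet6 only while the ipv6 module is loaded, so its
# absence is the sign the post's symptom should be gone.
ipv6_module_loaded() {
    [ -e /proc/net/if_inet6 ]
}
```

After a reboot, `ipv6_module_loaded && echo "ipv6 still loaded"` is the quick way to confirm the module stayed off before re-checking the CSA events.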


Priveon, Inc.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.