000033302 - How to disable IPv6 on Ethernet cards for auditing purposes for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Link Admin on Nov 14, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033302
Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

IssueDue to PCI compliance requirements, some customers need to disable IPv6 if it is not used.
Resolution

Before continuing, please double check that you do not need IPv6 to communicate with your agents.

  1. Launch an SSH client, such as PuTTY.
  2. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to login.

  1. Switch to root:
sudo su - root
  1. Edit sysctl.conf 
vi /etc/sysctl.conf
  1.  Press i to enter Insert mode and add the following line at the end:
net.ipv6.conf.eth0.disable_ipv6 = 1
where eth0 is the interface which shows the ipv6 in the ifconfig command.
  1. Press Escape then type :wq! to save and close the file.
  2. Restart sysctl:
sysctl -p
  1. Restart network service.
service network restart
NotesThis technique disables IPv6 on interfaces, without disabling kernel modules that might overlap.

Attachments

    Outcomes