000033302 - Disable IPv6 on Ethernet cards for auditing purposes for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033302
Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
O/S Version: Suse Linux 11.3

IssueDue to PCI compliance, some customers need to disable IPv6 if not used.
Resolution SSH to the instance using rsaadmin account :
  1. Switch to root:
    sudo su - root

  2. Edit sysctl.conf 
    vi /etc/sysctl.conf

  3.  Press 'i' for insert and add the below line at the end:
    net.ipv6.conf.eth0.disable_ipv6 = 1

    where eth0 is the interface which shows the ipv6 in the ifconfig command.
  4. Press ESC , then type ':wq!'
  5. Restart sysctl
    sysctl -p

  6. Restart network service.
    service network restart

Then try again ifconfig , it should not show the ipv6.
Note: Please double check that you do not nee IPv6 to communicate with your agents.
NotesThis technique disables IPv6 on interfaces, without the need of disable kernel modules that might overlap.

Attachments

    Outcomes