Rule ID
SV-216143r959010_rule
Version
V3R5
CCIs
The network routing daemon, in.routed, manages network routing tables. If enabled, it periodically supplies copies of the system's routing tables to any directly connected hosts and networks and picks up routes supplied to it from other networks and hosts. Routing Internet Protocol (RIP) is a legacy protocol with a number of security weaknesses, including a lack of authentication, zoning, pruning, etc.
Determine if routing is disabled. # routeadm -p | egrep "routing |forwarding" | grep enabled If the command output includes "persistent=enabled" or "current=enabled", this is a finding.
The Network Management profile is required. Disable routing for IPv4 and IPv6. # pfexec routeadm -d ipv4-forwarding -d ipv4-routing # pfexec routeadm -d ipv6-forwarding -d ipv6-routing To apply these changes to the running system, use the command: # pfexec routeadm -u