Skip to content

Commit

Permalink
Add rule ufw_only_required_services
Browse files Browse the repository at this point in the history
  • Loading branch information
dodys committed Sep 23, 2021
1 parent 17c8cd8 commit 8e39d9d
Showing 1 changed file with 73 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
documentation_complete: true

prodtype: ubuntu2004

title: 'Only Allow Authorized Network Services in ufw'

description: |-
Check the firewall configuration for any unnecessary or prohibited
functions, ports, protocols, and/or services by running the following
command:
<pre>$ sudo ufw show raw
Chain OUTPUT (policy ACCEPT)
target prot opt sources destination
Chain INPUT (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination</pre>
Ask the System Administrator for the site or program PPSM CLSA. Verify
the services allowed by the firewall match the PPSM CLSA.
rationale: |-
To prevent unauthorized connection of devices, unauthorized transfer of
information, or unauthorized tunneling (i.e., embedding of data types
within data types), organizations must disable or restrict unused or
unnecessary physical and logical ports/protocols on information systems.
Operating systems are capable of providing a wide variety of functions
and services. Some of the functions and services provided by default
may not be necessary to support essential organizational operations.
Additionally, it is sometimes convenient to provide multiple services
from a single component (e.g., VPN and IPS); however, doing so
increases risk over limiting the services provided by any one component.
To support the requirements and principles of least functionality, the
operating system must support the organizational requirements, providing
only essential capabilities and limiting the use of ports, protocols,
and/or services to only those required, authorized, and approved to
conduct official business or to address authorized quality of life
issues.
platforms:
- var_ufw
- machine

severity: medium

references:
disa: CCI-000382
srg: SRG-OS-000096-GPOS-00050
stigid@ubuntu2004: UBTU-20-010407

ocil_clause: 'unauthorized network services can be accessed from the network'

ocil: |-
Check the firewall configuration for any unnecessary or prohibited
functions, ports, protocols, and/or services by running the following
command:
<pre>$ sudo ufw show raw</pre>
Ask the System Administrator for the site or program PPSM CLSA. Verify
the services allowed by the firewall match the PPSM CLSA.
Add all ports, protocols, or services allowed by the PPSM CLSA by using
the following command:
<pre>$ sudo ufw allow "direction" "port/protocol/service"</pre>
where the direction is "in" or "out" and the port is the one
corresponding to the protocol or service allowed.
To deny access to ports, protocols, or services, use:
<pre>$ sudo ufw deny "direction" "port/protocol/service"</pre>

0 comments on commit 8e39d9d

Please sign in to comment.