Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check ufw is active #11984

Merged
merged 3 commits into from
May 14, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions components/ufw.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ name: ufw
packages:
- ufw
rules:
- check_ufw_active
- package_ufw_installed
- package_ufw_removed
- service_ufw_enabled
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
documentation_complete: true

title: 'Verify ufw Active'

description: |-
Verify the ufw is enabled on the system with the following command:
<pre># sudo ufw status</pre>
If the above command returns the status as "inactive" or any type of error, this is a finding.

rationale: |-
Remote access services, such as those providing remote access to network devices and information systems,
which lack automated control capabilities, increase risk and make remote user access management difficult at best.
Remote access is access to DOD nonpublic information systems by an authorized user (or an information system) communicating
through an external, nonorganization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
Ubuntu 22.04 LTS functionality (e.g., RDP) must be capable of taking enforcement action if the audit reveals unauthorized activity.
Automated control of remote access sessions allows organizations to ensure ongoing compliance with remote access policies by
enforcing connection rules of remote access applications on a variety of information system components.

severity: medium

references:
cis@ubuntu2004: 3.5.1.3
cis@ubuntu2204: 3.5.1.3
disa: CCI-002314
stigid@ubuntu2004: UBTU-20-010434
stigid@ubuntu2204: UBTU-22-251015

fixtext: |-
Enable the ufw by using the following command:
<pre>$ sudo ufw enable</pre>
alanmcanonical marked this conversation as resolved.
Show resolved Hide resolved

platform: machine and package[ufw]
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
#!/usr/bin/env bash
# platform = multi_platform_ubuntu
# check-import = stdout

result=$XCCDF_RESULT_FAIL

if ufw status | grep -qw "active"; then
result=${XCCDF_RESULT_PASS}
fi

exit $result
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# package = ufw

systemctl enable --now ufw
ufw allow ssh
ufw -f enable
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# package = ufw
# remediation = none

systemctl enable --now ufw
ufw allow ssh
ufw -f enable || exit 1
ufw disable
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ references:
disa: CCI-002314
srg: SRG-OS-000297-GPOS-00115
stigid@ubuntu2004: UBTU-20-010434
stigid@ubuntu2204: UBTU-22-251015
stigid@ubuntu2204: UBTU-22-251020

ocil_clause: 'the service is not enabled'

Expand Down
1 change: 1 addition & 0 deletions products/ubuntu2004/profiles/stig.profile
Original file line number Diff line number Diff line change
Expand Up @@ -523,6 +523,7 @@ selections:

# UBTU-20-010434 The Ubuntu operating system must enable and run the uncomplicated firewall(ufw).
- service_ufw_enabled
- check_ufw_active

# UBTU-20-010435 The Ubuntu operating system must, for networked systems, compare internal information system clocks at least every 24 hours with a server which is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).
- var_time_service_set_maxpoll=36_hours
Expand Down
6 changes: 3 additions & 3 deletions products/ubuntu2204/profiles/stig.profile
Original file line number Diff line number Diff line change
Expand Up @@ -569,11 +569,11 @@ selections:
# UBTU-22-412015 The Ubuntu operating system must display the date and time of the last successful account logon upon logon.
- display_login_attempts

# UBTU-22-251015 The Ubuntu operating system must have an application firewall enabled.
- service_ufw_enabled
# UBTU-22-251015 The Ubuntu operating system must enable and run the Uncomplicated Firewall (ufw).
- check_ufw_active

# UBTU-22-251020 The Ubuntu operating system must have an application firewall enabled.
# same as UBTU-22-251015
- service_ufw_enabled

### TODO
# UBTU-22-291015 The Ubuntu operating system must disable all wireless network adapters.
Expand Down
Loading