Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-215113 | UBTU-16-030050 | SV-215113r508033_rule | Medium |
Description |
---|
Failure to restrict network connectivity only to authorized systems permits inbound connections from malicious systems. It also permits outbound connections that may facilitate exfiltration of DoD data. Satisfies: SRG-OS-000297-GPOS-00115, SRG-OS-000480-GPOS-00231 |
STIG | Date |
---|---|
Canonical Ubuntu 16.04 LTS Security Technical Implementation Guide | 2020-09-03 |
Check Text ( C-16312r285207_chk ) |
---|
Verify the Uncomplicated Firewall is configured to employ a deny-all, allow-by-exception policy for allowing connections to other systems. Check the Uncomplicated Firewall configuration with the following command: # sudo ufw status Status: active To Action From -- ------ ---- [ 1] 22 LIMIT IN Anywhere If any services, ports, or applications are "allowed" and are not documented with the organization, this is a finding. |
Fix Text (F-16310r285208_fix) |
---|
Configure the Uncomplicated Firewall to employ a deny-all, allow-by-exception policy for allowing connections to other systems. Remove any service that is not needed or documented by the organization with the following command (replace [NUMBER] with the rule number): # sudo ufw delete [NUMBER] Another option would be to set the Uncomplicated Firewall back to default with the following commands: # sudo ufw default deny incoming # sudo ufw default allow outgoing Note: UFW’s defaults are to deny all incoming connections and allow all outgoing connections. |