Nutanix AOS must enable an application firewall, if available.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254198 | NUTX-OS-001110 | SV-254198r846682_rule | Medium |
| Description |
|---|
| Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network. |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x OS Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57683r846680_chk ) |
|---|
| Confirm Nutanix AOS prohibits or restricts the use of remote access methods, using the iptables firewall service. $ sudo service iptables status iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled) Active: active (exited) since Mon 2021-08-02 15:02:12 CDT; 2 weeks 6 days ago Main PID: 1250 (code=exited, status=0/SUCCESS) CGroup: /system.slice/iptables.service If IPv6 is in use: $ sudo service ip6tables status ip6tables.service - IPv6 firewall with ip6tables Loaded: loaded (/usr/lib/systemd/system/ip6tables.service; enabled; vendor preset: disabled) Active: active (exited) since Mon 2021-08-02 15:02:12 CDT; 2 weeks 6 days ago Main PID: 1313 (code=exited, status=0/SUCCESS) CGroup: /system.slice/ip6tables.service If no iptables services are "Loaded" and "Active", this is a finding. |
| Fix Text (F-57634r846681_fix) |
|---|
| Configure the system to restrict the use of remote access methods by running the following command. $ sudo salt-call state.sls security/CVM/iptables/init |