SLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-261310	SLEM-05-251010	SV-261310r996401_rule		Medium

Description
To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems. Additionally, operating system remote access functionality must have the capability to immediately disconnect current users remotely accessing the information system and/or disable further remote access. The speed of disconnect or disablement varies based on the criticality of mission functions and the need to eliminate immediate or future remote access to organizational information systems.

Description

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems. Additionally, operating system remote access functionality must have the capability to immediately disconnect current users remotely accessing the information system and/or disable further remote access. The speed of disconnect or disablement varies based on the criticality of mission functions and the need to eliminate immediate or future remote access to organizational information systems.

STIG	Date
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide	2024-06-04

Details

Check Text ( C-65039r996399_chk )
Verify SLEM 5 "firewalld.service" is enabled and running with the following command: > systemctl status firewalld.service firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2023-11-29 08:12:35 MST If the service is not enabled and active, this is a finding. Check the firewall configuration for any unnecessary or prohibited functions, ports, protocols, and/or services by running the following command: > sudo firewall-cmd --list-all Ask the system administrator for the site or program PPSM Component Local Services Assessment (Component Local Services Assessment (CLSA). Verify the services allowed by the firewall match the PPSM CLSA. If there are any additional ports, protocols, or services that are not included in the PPSM CLSA, this is a finding. If there are any ports, protocols, or services that are prohibited by the PPSM CAL, this is a finding.

Check Text ( C-65039r996399_chk )

Verify SLEM 5 "firewalld.service" is enabled and running with the following command:

> systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-11-29 08:12:35 MST

If the service is not enabled and active, this is a finding.

Check the firewall configuration for any unnecessary or prohibited functions, ports, protocols, and/or services by running the following command:

> sudo firewall-cmd --list-all

Ask the system administrator for the site or program PPSM Component Local Services Assessment (Component Local Services Assessment (CLSA). Verify the services allowed by the firewall match the PPSM CLSA.

If there are any additional ports, protocols, or services that are not included in the PPSM CLSA, this is a finding.

If there are any ports, protocols, or services that are prohibited by the PPSM CAL, this is a finding.

Fix Text (F-64947r996400_fix)
Configure SLEM 5 is configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the PPSM CAL and vulnerability assessments. Add/modify /etc/firewalld configuration files to comply with the PPSM CAL. Enable and start the "firewalld.service" by running the following command: > sudo systemctl enable firewalld.service --now To immediately disable remote access and disconnect all current remote connections, the firewall needs to be set into panic mode. > sudo firewall-cmd --panic-on To allow remote access, panic mode needs to be disabled. > sudo firewall-cmd --panic-off

Fix Text (F-64947r996400_fix)

Configure SLEM 5 is configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the PPSM CAL and vulnerability assessments.

Add/modify /etc/firewalld configuration files to comply with the PPSM CAL.

Enable and start the "firewalld.service" by running the following command:

> sudo systemctl enable firewalld.service --now

To immediately disable remote access and disconnect all current remote connections, the firewall needs to be set into panic mode.

> sudo firewall-cmd --panic-on

To allow remote access, panic mode needs to be disabled.

> sudo firewall-cmd --panic-off