STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

SuSEfirewall2 must protect against or limit the effects of Denial-of-Service (DoS) attacks on the SUSE operating system by implementing rate-limiting measures on impacted network interfaces.

DISA Rule

SV-217262r603262_rule

Vulnerability Number

V-217262

Group Title

SRG-OS-000420-GPOS-00186

Rule Version

SLES-12-030040

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure "SuSEfirewall2" to protect the SUSE operating system against or limit the effects of DoS attacks by implementing rate-limiting measures on impacted network interfaces.

Add or replace the following line in "/etc/sysconfig/SuSEfirewall2":

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

The firewall must be restarted in order for the changes to take effect.

# sudo systemctl restart SuSEfirewall2.service

Check Contents

Verify "SuSEfirewall2" is configured to protect the SUSE operating system against or limit the effects of DoS attacks.

Run the following command:

# grep -i fw_services_accept_ext /etc/sysconfig/SuSEfirewall2
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

If the "FW_SERVICES_ACCEPT_EXT" rule does not contain both the "hitcount" and "blockseconds" parameters, this is a finding.
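The check above can be scripted so that every entry in the variable is audited, not just the single SSH entry the STIG shows. The script below is an added example, not DISA or STIGQter content; it assumes the SuSEfirewall2 convention that FW_SERVICES_ACCEPT_EXT is a space-separated list of "net,proto,dport,sport,flags" entries, and it runs against constructed sample files rather than a live system.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 sysconfig file for the rate-limiting
# flags SLES-12-030040 requires. Every entry in FW_SERVICES_ACCEPT_EXT must
# carry both hitcount= and blockseconds=; otherwise return 1 (a finding).
check_fw_rate_limit() {
    cfg="$1"
    # The file is sourced by the firewall scripts, so the last uncommented
    # assignment is the effective one; strip the name and surrounding quotes.
    value=$(grep -i '^[[:space:]]*FW_SERVICES_ACCEPT_EXT=' "$cfg" | tail -n 1 \
            | sed -e 's/^[^=]*=//' -e 's/^"//' -e 's/"[[:space:]]*$//')
    [ -n "$value" ] || return 1          # variable missing or empty: finding
    for entry in $value; do              # word-split on purpose: one entry per word
        case "$entry" in *hitcount=*)     ;; *) return 1 ;; esac
        case "$entry" in *blockseconds=*) ;; *) return 1 ;; esac
    done
    return 0
}

# Constructed sample files (not real system configs) to exercise the check.
compliant=$(mktemp); finding=$(mktemp); partial=$(mktemp)
trap 'rm -f "$compliant" "$finding" "$partial"' EXIT

cat > "$compliant" <<'EOF'
## Path: Network/Firewall/SuSEfirewall2
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
EOF

# SSH accepted from anywhere with no rate limit at all.
cat > "$finding" <<'EOF'
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22"
EOF

# Second entry has hitcount but no blockseconds, so the rule still fails.
cat > "$partial" <<'EOF'
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh 0/0,tcp,443,,hitcount=10"
EOF

for f in "$compliant" "$finding" "$partial"; do
    if check_fw_rate_limit "$f"; then echo "$f: rate limiting present"; else echo "$f: FINDING"; fi
done
```

Point the function at /etc/sysconfig/SuSEfirewall2 to audit a real host; a non-zero exit is a finding under this rule.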

Vulnerability Number

V-217262

Documentable

False

Rule Version

SLES-12-030040

Severity Override Guidance

Verify "SuSEfirewall2" is configured to protect the SUSE operating system against or limit the effects of DoS attacks.

Run the following command:

# grep -i fw_services_accept_ext /etc/sysconfig/SuSEfirewall2
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

If the "FW_SERVICES_ACCEPT_EXT" rule does not contain both the "hitcount" and "blockseconds" parameters, this is a finding.

Check Content Reference

M

Target Key

4033

Comments