STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must have a firewall system installed to immediately disconnect or disable remote access to the whole operating system.

DISA Rule

SV-234846r622137_rule

Vulnerability Number

V-234846

Group Title

SRG-OS-000298-GPOS-00116

Rule Version

SLES-15-010370

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to enable the firewall service. This is needed to be able to immediately disconnect or disable remote access to the whole system.

Enable the "firewalld.service" by running the following command:

> sudo systemctl enable firewalld.service

Start the "firewalld.service" by running the following command:

> sudo systemctl start firewalld.service

To immediately disconnect or disable remote access, the firewall needs to be set into panic mode.

> sudo firewall-cmd --panic-on

To allow remote connections again, panic mode needs to be disabled.

> sudo firewall-cmd --panic-off

Check Contents

Verify "firewalld" is configured to protect the SUSE operating system.

Run the following command:

> systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-11-06 10:58:11 CET; 24h ago
Docs: man:firewalld(1)
Main PID: 1105 (firewalld)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/firewalld.service
└─1105 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid

If the service is not enabled, this is a finding.

If the service is not active, this is a finding.
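As an added example (not part of the STIG text), the following POSIX shell script evaluates this check the way an auditor would automate it: it reads the enablement and activity states with `systemctl is-enabled` and `systemctl is-active`, which report the same facts as the "Loaded:" and "Active:" lines of the status output above, and raises a finding for either non-compliant state. The function names and the decision to accept only a persistent "enabled" state are my assumptions.

```shell
#!/bin/sh
# Added example: evaluate SLES-15-010370 (firewalld enabled and active).
UNIT="firewalld.service"

# sles15_010370_evaluate ENABLED_STATE ACTIVE_STATE
# Pure evaluation of the two states so it can be tested without systemd.
# Returns 0 when compliant; prints each finding and returns 1 otherwise.
sles15_010370_evaluate() {
    enabled="$1"
    active="$2"
    status=0
    # Only the persistent "enabled" state passes. "disabled", "masked",
    # "static" and "enabled-runtime" all leave the firewall off after a reboot.
    if [ "$enabled" != "enabled" ]; then
        echo "FINDING: $UNIT is not enabled (state: $enabled)"
        status=1
    fi
    # Anything other than "active" (inactive, failed, activating) is a finding.
    if [ "$active" != "active" ]; then
        echo "FINDING: $UNIT is not active (state: $active)"
        status=1
    fi
    return "$status"
}

# sles15_010370_check: query the live system.
# systemctl is-enabled / is-active exit non-zero for non-compliant states,
# so the exit codes are ignored here and only the printed state is used.
sles15_010370_check() {
    enabled=$(systemctl is-enabled "$UNIT" 2>/dev/null || true)
    active=$(systemctl is-active "$UNIT" 2>/dev/null || true)
    sles15_010370_evaluate "${enabled:-unknown}" "${active:-unknown}"
}

# Run the live check only where systemctl exists; the evaluate function
# remains usable offline (for example against states collected elsewhere).
if command -v systemctl >/dev/null 2>&1; then
    if sles15_010370_check; then
        echo "SLES-15-010370: NotAFinding"
    else
        echo "SLES-15-010370: Open"
    fi
else
    echo "systemctl not found; use sles15_010370_evaluate with collected states"
fi
```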

Vulnerability Number

V-234846

Documentable

False

Rule Version

SLES-15-010370


Check Content Reference

M

Target Key

5274

Comments