SV-238367r654276_rule
V-238367
SRG-OS-000420-GPOS-00186
UBTU-20-010446
CAT II
10
Configure the application firewall to protect against or limit the effects of DoS attacks by ensuring the Ubuntu operating system is implementing rate-limiting measures on impacted network interfaces. 
 
Check all the services listening to the ports with the following command: 
 
$ sudo ss -l46ut 
 
Netid               State                Recv-Q                Send-Q                               Local Address:Port                               Peer Address:Port               Process                
tcp                 LISTEN               0                     128                                           [::]:ssh                                        [::]:* 
 
For each service with a port listening to connections, run the following command, replacing "[service]" with the service that needs to be rate limited. 
 
$ sudo ufw limit [service] 
 
Rate-limiting can also be done on an interface. An example of adding a rate-limit on the eth0 interface follows: 
 
$ sudo ufw limit in on eth0

Verify an application firewall is configured to rate limit any connection to the system. 
 
Check all the services listening to the ports with the following command: 
 
$ sudo ss -l46ut 
 
Netid               State                Recv-Q                Send-Q                               Local Address:Port                               Peer Address:Port               Process                
tcp                 LISTEN               0                     128                                           [::]:ssh                                        [::]:* 
 
For each entry, verify that the Uncomplicated Firewall is configured to rate limit the service ports with the following command: 
 
$ sudo ufw status 
 
Status: active 
 
To                         Action      From 
--                         ------      ---- 
22/tcp                     LIMIT       Anywhere                   
22/tcp (v6)                LIMIT       Anywhere (v6) 
 
If any port with a state of "LISTEN" is not marked with the "LIMIT" action, this is a finding.
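The check above can be automated against captured command output. The following script is an added example and not part of the STIG text; it assumes `ss` is run with `-n` (numeric ports, so "22" appears instead of "ssh") and that the `ss` and `ufw status` output have been saved to files, so it runs offline on the constructed samples embedded below.

```sh
# Added example, not part of the STIG text: flag LISTEN tcp ports that have
# no ufw LIMIT rule. Assumes captures of `ss -lnut46` (-n prints numeric
# ports instead of names such as "ssh") and of `ufw status`.

# Constructed sample captures standing in for the live command output.
SS_SAMPLE=$(mktemp); UFW_SAMPLE=$(mktemp)
cat >"$SS_SAMPLE" <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128            0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128               [::]:22           [::]:*
tcp   LISTEN 0      511            0.0.0.0:80        0.0.0.0:*
EOF
cat >"$UFW_SAMPLE" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
EOF

# Every LISTEN tcp socket as "port/tcp"; the port is the last ":" field of
# "Local Address:Port", which also copes with bracketed IPv6 addresses.
listening_ports() {
    awk '$1 == "tcp" && $2 == "LISTEN" { n = split($5, a, ":"); print a[n] "/tcp" }' "$1" |
        sort -u
}

# Every ufw rule whose action is LIMIT, as "port/proto". A "(v6)" tag shifts
# the Action column right; a bare port rule (no "/proto") covers tcp and udp.
limited_ports() {
    awk '{ act = ($2 == "(v6)") ? $3 : $2
           if (act != "LIMIT") next
           if (index($1, "/")) print $1; else { print $1 "/tcp"; print $1 "/udp" } }' "$1" |
        sort -u
}

# Listening ports with no LIMIT rule: every line printed is a finding.
unlimited_listeners() {
    l=$(mktemp) && m=$(mktemp) || return 1
    listening_ports "$1" >"$l"
    limited_ports "$2" >"$m"
    comm -23 "$l" "$m"
    rm -f "$l" "$m"
}

unlimited_listeners "$SS_SAMPLE" "$UFW_SAMPLE"   # prints 80/tcp
```

An empty result means every listening tcp port carries a LIMIT rule; each printed port is a finding under this rule.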