STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-217261r603262_rule
V-217261
SRG-OS-000096-GPOS-00050
SLES-12-030030
CAT II
10
Configure the SUSE operating system is configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
Add/modify /etc/sysconfig/SuSEfirewall2 file to comply with the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL).
Enable the "SuSEfirewall2.service" by running the following command:
# systemctl enable SuSEfirewall2.service
Start the "SuSEfirewall2.service" by running the following command:
# systemctl start SuSEfirewall2.service
Verify the SUSE operating system is configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
Check that the "SuSEfirewall2.service" is enabled and running by running the following command:
# systemctl status SuSEfirewall2.service
* SuSEfirewall2.service - SuSEfirewall2 phase 2
Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2017-03-09 17:33:29 UTC; 6 days ago
Main PID: 2533 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 512)
Memory: 0B
CPU: 0
CGroup: /system.slice/SuSEfirewall2.service
If the service is not enabled, this is a finding.
If the service is not active, this is a finding.
Check the firewall configuration for any unnecessary or prohibited functions, ports, protocols, and/or services by running the following command:
# grep ^FW_ /etc/sysconfig/SuSEfirewall2
Ask the System Administrator for the site or program PPSM Component Local Services Assessment (Component Local Services Assessment (CLSA). Verify the services allowed by the firewall match the PPSM CLSA.
If there are any additional ports, protocols, or services that are not included in the PPSM CLSA, this is a finding.
If there are any ports, protocols, or services that are prohibited by the PPSM CAL, this is a finding.
V-217261
False
SLES-12-030030
Verify the SUSE operating system is configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
Check that the "SuSEfirewall2.service" is enabled and running by running the following command:
# systemctl status SuSEfirewall2.service
* SuSEfirewall2.service - SuSEfirewall2 phase 2
Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled; vendor preset: disabled)
Active: active (exited) since Thu 2017-03-09 17:33:29 UTC; 6 days ago
Main PID: 2533 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 512)
Memory: 0B
CPU: 0
CGroup: /system.slice/SuSEfirewall2.service
If the service is not enabled, this is a finding.
If the service is not active, this is a finding.
Check the firewall configuration for any unnecessary or prohibited functions, ports, protocols, and/or services by running the following command:
# grep ^FW_ /etc/sysconfig/SuSEfirewall2
Ask the System Administrator for the site or program PPSM Component Local Services Assessment (Component Local Services Assessment (CLSA). Verify the services allowed by the firewall match the PPSM CLSA.
If there are any additional ports, protocols, or services that are not included in the PPSM CLSA, this is a finding.
If there are any ports, protocols, or services that are prohibited by the PPSM CAL, this is a finding.
M
4033