STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must configure the uncomplicated firewall to rate-limit impacted network interfaces.

DISA Rule

SV-219340r610963_rule

Vulnerability Number

V-219340

Group Title

SRG-OS-000420-GPOS-00186

Rule Version

UBTU-18-010512

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure the application firewall to protect against or limit the effects of Denial of Service (DoS) attacks by ensuring the Ubuntu operating system is implementing rate-limiting measures on impacted network interfaces.

Run the following command replacing "[service]" with the service that needs to be rate limited.

# sudo ufw limit [service]

Or rate-limiting can be done on an interface. An example of adding a rate-limit on the eth0 interface:

# sudo ufw limit in on eth0

Check Contents

Verify an application firewall is configured to rate limit any connection to the system.

Check that the Uncomplicated Firewall is configured to rate limit any connection to the system with the following command:

# sudo ufw show raw

Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw-user-limit all -- eth0 * 0.0.0.0/0 0.0.0.0/0
ctstate NEW recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side:
source mask: 255.255.255.255

0 0 ufw-user-limit-accept all -- eth0 * 0.0.0.0/0 0.0.0.0/0

If any service is not rate limited by the Uncomplicated Firewall, this is a finding.

Vulnerability Number

V-219340

Documentable

False

Rule Version

UBTU-18-010512

Severity Override Guidance

Verify an application firewall is configured to rate limit any connection to the system.

Check that the Uncomplicated Firewall is configured to rate limit any connection to the system with the following command:

# sudo ufw show raw

Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw-user-limit all -- eth0 * 0.0.0.0/0 0.0.0.0/0
ctstate NEW recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side:
source mask: 255.255.255.255

0 0 ufw-user-limit-accept all -- eth0 * 0.0.0.0/0 0.0.0.0/0

If any service is not rate limited by the Uncomplicated Firewall, this is a finding.

Check Content Reference

M

Target Key

4055

Comments