STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must enable and run the uncomplicated firewall(ufw).

DISA Rule

SV-238355r654240_rule

Vulnerability Number

V-238355

Group Title

SRG-OS-000297-GPOS-00115

Rule Version

UBTU-20-010434

Severity

CAT II

CCI(s)

• CCI-002314 - The information system controls remote access methods.

Weight

10

Fix Recommendation

Enable the Uncomplicated Firewall by using the following command:

$ sudo systemctl enable --now ufw.service

Check Contents

Verify the Uncomplicated Firewall is enabled on the system by running the following command:

$ systemctl is-enabled ufw

If the above command returns the status as "disabled", this is a finding.

Verify the Uncomplicated Firewall is active on the system by running the following command:

$ systemctl is-active ufw

If the above command returns "inactive" or any kind of error, this is a finding.

If the Uncomplicated Firewall is not installed, ask the System Administrator if another application firewall is installed.

If no application firewall is installed, this is a finding.

Vulnerability Number

V-238355

Documentable

False

Rule Version

UBTU-20-010434

Severity Override Guidance

Verify the Uncomplicated Firewall is enabled on the system by running the following command:

$ systemctl is-enabled ufw

If the above command returns the status as "disabled", this is a finding.

Verify the Uncomplicated Firewall is active on the system by running the following command:

$ systemctl is-active ufw

If the above command returns "inactive" or any kind of error, this is a finding.

If the Uncomplicated Firewall is not installed, ask the System Administrator if another application firewall is installed.

If no application firewall is installed, this is a finding.

Check Content Reference

M

Target Key

5318

Comments