{"description": "nftables provides a new in-kernel packet classification framework that is based on a\nnetwork-specific Virtual Machine (VM) and a new nft userspace command line tool.\nnftables reuses the existing Netfilter subsystems such as the existing hook infrastructure,\nthe connection tracking system, NAT, userspace queuing and logging subsystem.\nThe <code>nftables</code> package can be installed with the following command:\n<pre>\n$ apt-get install nftables</pre>", "rationale": "<tt>nftables</tt> is a subsystem of the Linux kernel that can protect against threats\noriginating from within a corporate network, including malicious mobile code and poorly\nconfigured software on a host.", "severity": "medium", "references": {"cis": ["4.2.1"], "pcidss4": ["1.2.1", "1.2"]}, "control_references": {"cis": ["4.2.1"], "pcidss4": ["1.2.1", "1.2"]}, "components": [], "identifiers": {}, "ocil_clause": "the package is not installed", "ocil": "Run the following command to determine if the <code>nftables</code> package is installed: <pre>$ dpkg -l nftables</pre>", "oval_external_content": null, "fixtext": "The <code>nftables</code> package can be installed with the following command:\n<pre>\n$ apt-get install nftables</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel and service_disabled[iptables] and service_disabled[ufw]", "platforms": ["system_with_kernel and service_disabled[iptables] and service_disabled[ufw]"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["service_disabled_iptables_and_service_disabled_ufw_and_system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Install nftables Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml", "template": {"name": 
"package_installed_guard_var", "vars": {"pkgname": "nftables", "variable": "var_network_filtering_service", "value": "nftables"}, "backends": {}}}