{"description": "\nThe firewalld service can be enabled with the following command:\n$ sudo systemctl enable firewalld.service
", "rationale": "Access control methods provide the ability to enhance system security posture\nby restricting services and known good IP addresses and address ranges. This\nprevents connections from unknown hosts and protocols.", "severity": "medium", "references": {"cis-csc": ["11", "3", "9"], "cobit5": ["BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05"], "cui": ["3.1.3", "3.4.7"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 7.6"], "iso27001-2013": ["A.12.1.2", "A.12.5.1", "A.12.6.2", "A.14.2.2", "A.14.2.3", "A.14.2.4"], "nerc-cip": ["CIP-003-8 R4", "CIP-003-8 R5", "CIP-004-6 R3"], "nist": ["AC-4", "CM-7(b)", "CA-3(5)", "SC-7(21)", "CM-6(a)"], "nist-csf": ["PR.IP-1"], "ospp": ["FMT_SMF_EXT.1"], "srg": ["SRG-OS-000096-GPOS-00050", "SRG-OS-000297-GPOS-00115", "SRG-OS-000480-GPOS-00227", "SRG-OS-000480-GPOS-00231", "SRG-OS-000480-GPOS-00232"], "bsi": ["SYS.1.6.A5", "SYS.1.6.A21"], "ism": ["1409"], "pcidss4": ["1.2.1", "1.2"]}, "control_references": {"bsi": ["SYS.1.6.A5", "SYS.1.6.A21"], "ism": ["1409"], "pcidss4": ["1.2.1", "1.2"]}, "components": [], "identifiers": {}, "ocil_clause": "the \"firewalld\" service is disabled, masked, or not started.", "ocil": "\n\nRun the following command to determine the current status of the\nfirewalld service:\n$ sudo systemctl is-active firewalld
\nIf the service is running, it should return the following: active
", "oval_external_content": null, "fixtext": "To enable the firewalld service run the following command:\n\n$ sudo systemctl enable --now firewalld", "checktext": "", "vuldiscussion": "", "srg_requirement": "The Ubuntu 22.04 service firewalld must be enabled.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "The firewalld service on Ubuntu 22.04 must be active.", "vuldiscussion": "\"Firewalld\" provides an easy and effective way to block/limit remote access to the system via ports, services, and protocols.\n\nRemote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and make remote user access management difficult at best.\n\nRemote access is access to DOD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.\n\nUbuntu 22.04 functionality (e.g., RDP) must be capable of taking enforcement action if the audit reveals unauthorized activity. Automated control of remote access sessions allows organizations to ensure ongoing compliance with remote access policies by enforcing connection rules of remote access applications on a variety of information system components (e.g., servers, workstations, notebook computers, smartphones, and tablets).", "checktext": "Verify that \"firewalld\" is active with the following command:\n\n$ systemctl is-active firewalld\n\nactive\n\nIf the firewalld service is not active, this is a finding.", "fixtext": "To enable the firewalld service run the following command:\n\n$ sudo systemctl enable --now firewalld"}}, "platform": "package[firewalld]", "platforms": ["package[firewalld]"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_firewalld_enabled.sh", "relative_path": "ubuntu2204/checks/sce/service_firewalld_enabled.sh"}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_firewalld"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify firewalld Enabled", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml", "template": {"name": "service_enabled", "vars": {"servicename": "firewalld"}, "backends": {}}}