{"description": "\nThe <code>SuSEfirewall2</code> service can be enabled with the following command:\n<pre>$ sudo systemctl enable SuSEfirewall2.service</pre>", "rationale": "To prevent unauthorized connection of devices, unauthorized transfer of\ninformation, or unauthorized tunneling (i.e., embedding of data types\nwithin data types), organizations must disable or restrict unused or\nunnecessary physical and logical ports/protocols on information systems.\n\nSUSE operating systems are capable of providing a wide variety of functions\nand services. Some of the functions and services provided by default may\nnot be necessary to support essential organizational operations.\nAdditionally, it is sometimes convenient to provide multiple services from\na single component (e.g., VPN and IPS); however, doing so increases risk\nover limiting the services provided by any one component.", "severity": "medium", "references": {"srg": ["SRG-OS-000420-GPOS-00186", "SRG-OS-000096-GPOS-00050"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": "\n\nRun the following command to determine the current status of the\n<code>SuSEfirewall2</code> service:\n<pre>$ sudo systemctl is-active SuSEfirewall2</pre>\nIf the service is running, it should return the following: <pre>active</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_SuSEfirewall2_enabled.sh", "relative_path": "ubuntu2204/checks/sce/service_SuSEfirewall2_enabled.sh"}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Enable the SuSEfirewall 2", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-susefirewall2/service_SuSEfirewall2_enabled/rule.yml", "template": {"name": "service_enabled", "vars": {"servicename": "SuSEfirewall2"}, "backends": {}}}