{"description": "The <code>SuSEfirewall2</code> package can be installed with the following command:\n<pre>$ apt-get install SuSEfirewall2</pre>\n\nThe <code>SuSEfirewall2</code> service can be enabled with the following command:\n<pre>$ sudo systemctl enable SuSEfirewall2.service</pre>\n\nVerify \"SuSEfirewall2\" is configured to protect the SUSE operating system\nagainst or limit the effects of DoS attacks.\n\nRun the following command:\n\n<pre># grep -i fw_services_accept_ext /etc/sysconfig/SuSEfirewall2\nFW_SERVICES_ACCEPT_EXT=\"0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh\"</pre>\n\nIf the \"FW_SERVICES_ACCEPT_EXT\" rule does not contain both the\n<tt>hitcount</tt> and <tt>blockseconds</tt> parameters, this is a finding.", "rationale": "DoS is a condition in which a resource is not available to legitimate users.\nWhen this occurs, the organization either cannot accomplish its mission or\nmust operate at degraded capacity.\n\nThis requirement addresses the configuration of the SUSE operating system to\nmitigate the impact on system availability of DoS attacks that have occurred\nor are ongoing. For each system, known and potential DoS attacks must be\nidentified and solutions for each type implemented. 
A variety of\ntechnologies exist to limit or, in some cases, eliminate the effects of\nDoS attacks (e.g., limiting processes or establishing memory partitions).\nEmploying increased capacity and bandwidth, combined with service\nredundancy, may reduce the susceptibility to some DoS attacks.", "severity": "medium", "references": {"srg": ["SRG-OS-000420-GPOS-00186"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the DoS protection is not active", "ocil": "\nRun the following command to determine if the <code>SuSEfirewall2</code> package is installed:\n<pre>$ dpkg -l SuSEfirewall2</pre>\n\n\nRun the following command to determine the current status of the\n<code>SuSEfirewall2</code> service:\n<pre>$ sudo systemctl is-active SuSEfirewall2</pre>\nIf the service is running, it should return the following: <pre>active</pre>\n\nRun the following command:\n\n<pre># grep -i fw_services_accept_ext /etc/sysconfig/SuSEfirewall2\nFW_SERVICES_ACCEPT_EXT=\"0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh\"</pre>\n\nIf the \"FW_SERVICES_ACCEPT_EXT\" rule does not contain both the\n<tt>hitcount</tt> and <tt>blockseconds</tt> parameters, this is a finding.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Enable DoS Protections in SuSEfirewall2", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-susefirewall2/susefirewall2_ddos_protection/rule.yml", "template": null}