Profile Applicability:
 • Level 1

Description:
Only authorized and approved services should be allowed to listen on network interfaces to minimize the attack surface and prevent unauthorized access. Regular manual reviews of listening services help maintain system security and compliance.

Rationale:
 Unapproved services listening on network interfaces can provide attackers with entry points into the system. Ensuring only approved services listen reduces exposure to vulnerabilities and unauthorized access.

Impact:
 Pros:

  • Reduces risk of unauthorized network access.

  • Supports compliance with security policies.

Cons:

  • Manual review requires administrative effort and expertise.

  • Risk of disrupting necessary services if incorrectly disabled.

Default Value:
 Systems may have various services listening depending on configuration and role.

Pre-requisites:

  • Root or sudo privileges to audit network services.

Remediation:

Test Plan:

Using Linux command line:

  1. List all services listening on network interfaces (run as root so the owning process is shown for every socket):
    ss -tulnp  
    netstat -tulnp
    netstat belongs to the deprecated net-tools package and may not be installed; ss is the supported tool.


  2. Compare the list (protocol, port, bound address, owning process) against the approved services inventory.

  3. Identify unapproved or unexpected listening services, including approved services bound to interfaces they should not be on.
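The comparison in steps 1 to 3, as an added shell example that is not part of the benchmark text. It assumes the approved inventory is a file of proto:port entries (one per line, e.g. tcp:22) and parses the output of ss -Hltunp (no header, listening TCP and UDP sockets, numeric ports, owning process); the ss output and the inventory embedded in the script are constructed samples so the logic can be exercised without root.

```shell
#!/usr/bin/env bash
# Added example (not from the benchmark): flag listening sockets that are not
# in an approved inventory. Assumes the inventory is "proto:port" lines and the
# audited input is `ss -Hltunp` output; both samples below are constructed.

# Constructed approved inventory: one proto:port entry per line.
APPROVED_INVENTORY="tcp:22
udp:123"

# Constructed `ss -Hltunp` output (Netid State Recv-Q Send-Q Local:Port Peer:Port Process).
SAMPLE_SS_OUTPUT='tcp   LISTEN 0  128  0.0.0.0:22    0.0.0.0:*  users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0  511  0.0.0.0:80    0.0.0.0:*  users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0  128  127.0.0.1:631 0.0.0.0:*  users:(("cupsd",pid=950,fd=7))
udp   UNCONN 0  0    0.0.0.0:123   0.0.0.0:*  users:(("chronyd",pid=700,fd=5))
tcp   LISTEN 0  128  [::]:22       [::]:*     users:(("sshd",pid=812,fd=4))'

# Read ss output on stdin and print "proto:port local-address process" for
# every proto:port that is absent from the inventory text passed as $1.
# IPv4 and IPv6 listeners on the same port are reported once.
unapproved_listeners() {
    awk -v inv="$1" '
        BEGIN {
            n = split(inv, lines, "\n")
            for (i = 1; i <= n; i++) if (lines[i] != "") approved[lines[i]] = 1
        }
        NF >= 5 {
            port = $5; sub(/.*:/, "", port)           # keep only the port number
            key = $1 ":" port                          # e.g. tcp:80
            if (!(key in approved) && !(key in seen)) {
                seen[key] = 1
                proc = ($NF ~ /^users:/) ? $NF : "-"  # process column needs root
                print key, $5, proc
            }
        }'
}

# Live audit of the current host: run as root/sudo so -p resolves every owner.
# $1 is the inventory file. Returns 1 when something unapproved is listening.
audit_live() {
    findings=$(ss -Hltunp | unapproved_listeners "$(cat "$1")")
    if [ -n "$findings" ]; then
        printf 'Unapproved listeners (map pid to unit with: systemctl status <pid>):\n%s\n' "$findings"
        return 1
    fi
    echo "All listening sockets are in the approved inventory."
}

# Dry run on the constructed sample: reports tcp:80 (nginx) and tcp:631 (cupsd).
printf '%s\n' "$SAMPLE_SS_OUTPUT" | unapproved_listeners "$APPROVED_INVENTORY"
```

On a real host, call audit_live /path/to/approved-listeners.txt from the same script; a non-zero exit makes it usable as a scheduled compliance check. The inventory deliberately keys on protocol and port rather than process name, so a renamed binary squatting on an approved port is still caught by the printed process column when the reviewer reads the report.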

Implementation Plan:

Using Linux command line:

  1. Investigate unapproved services to determine necessity (map the PID shown by ss -tulnp to its unit with systemctl status <pid>).

  2. Disable or reconfigure unnecessary services to stop listening:
    systemctl stop <service_name>  
    systemctl disable <service_name>
    If the listener is socket-activated, stop and disable the matching .socket unit as well (see systemctl list-units --type=socket); otherwise systemd reopens the port on the next connection.


  3. Verify changes by re-listing listening services.

Backout Plan:

Using Linux command line:

  1. Re-enable services if required for business or operational needs:
    systemctl enable <service_name>  
    systemctl start <service_name>


  2. Confirm services are functioning correctly.

References: