Profile Applicability:
• Level 1
Description:
Running more than one firewall management service at the same time (for example firewalld alongside the iptables or nftables service) causes conflicts: each service loads its own ruleset into the kernel, so the rules actually in effect depend on which service started or reloaded last. The resulting policy is inconsistent, hard to audit, and may leave unintended openings. Ensuring that only one firewall management service is active keeps the policy coherent and predictable. Note that firewalld itself drives an iptables or nftables backend, so the iptables or nft command-line packages may legitimately be installed alongside it; the conflict comes from several services each maintaining rules, not from the presence of the tools.
Rationale:
A single firewall utility prevents rule conflicts and ensures predictable and reliable network traffic filtering, improving overall system security.
Impact:
Pros:
Prevents configuration conflicts and reduces complexity.
Simplifies firewall management and auditing.
Cons:
Requires administrative oversight to select and maintain the preferred utility.
Default Value:
Amazon Linux 2 does not enable a host firewall service by default; firewalld, iptables-services and nftables are all available from the distribution repositories, so a system may end up with more than one of them installed or enabled.
Pre-requisites:
Root or sudo privileges to audit and manage firewall tools.
Remediation:
Test Plan:
Using Linux command line:
1. Identify installed firewall utilities:
rpm -qa | grep -E 'iptables|firewalld|nftables'
(The iptables.service unit is provided by the iptables-services package; the plain iptables package only supplies the command-line tool and libraries, which firewalld may also use.)
2. Check whether each firewall service is running and enabled at boot:
systemctl status firewalld
systemctl status iptables
systemctl status nftables
3. Confirm that exactly one firewall service is active and enabled. A unit that is inactive and disabled, or masked, is not managing rules; a unit that systemctl reports as not found has no package behind it and can be ignored.
Implementation Plan:
Using Linux command line:
1. Stop, disable and remove (or mask) the firewall services that are not the chosen one, for example:
systemctl stop firewalld
systemctl disable firewalld
yum remove firewalld -y
(Replace with the appropriate package manager commands and service names. If the package must stay installed, mask the unit with systemctl instead of removing the package so it can never be started. Stopping any of these services removes the rules it loaded, leaving the host unfiltered until the replacement starts, so perform this step from a console or only after the replacement ruleset is ready.)
2. Enable and start the preferred firewall utility, for example iptables:
systemctl enable iptables
systemctl start iptables
(On Amazon Linux 2 the iptables.service unit comes from the iptables-services package and loads its rules from /etc/sysconfig/iptables at start. Install the package and populate that file, including a rule that permits your administrative access such as SSH, before enabling the service.)
3. Verify that only the chosen firewall service is active and enabled and that its ruleset is loaded.
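The following script is an added example covering both the Test Plan and the Implementation Plan above; it is not part of the CIS benchmark. It reads the state of the three services named on this page from systemd, gives the audit verdict, and prints (or, with --apply, runs) the remediation commands for a chosen utility. The functions fw_managing, fw_verdict and fw_plan work on a text table of "service active-state enabled-state" records, so they can be exercised offline on constructed input; only fw_collect talks to systemctl. It masks rather than removes the other units, and it does not install iptables-services or write /etc/sysconfig/iptables, so review the --plan output and have the chosen ruleset in place before using --apply over SSH.

```shell
#!/usr/bin/env bash
# Added audit/remediation helper (not benchmark code). State table format,
# one record per line: "<service> <is-active> <is-enabled>".
FW_SERVICES="firewalld iptables nftables"

# Collect the state table from systemd. is-active/is-enabled exit non-zero for
# inactive or disabled units, so their exit status is deliberately ignored;
# an unknown unit yields empty output, recorded here as "unknown".
fw_collect() {
  for s in $FW_SERVICES; do
    a=$(systemctl is-active "$s" 2>/dev/null || true)
    e=$(systemctl is-enabled "$s" 2>/dev/null || true)
    printf '%s %s %s\n' "$s" "${a:-unknown}" "${e:-unknown}"
  done
}

# Print the services that are running now or will start at boot. A masked
# unit is neither active nor enabled, so it is correctly excluded.
fw_managing() {
  printf '%s\n' "$1" | awk '$2 == "active" || $3 == "enabled" { print $1 }'
}

# Audit verdict: "ok" when exactly one service manages rules, otherwise
# "none" (host unfiltered) or "multiple" (the conflict this control prevents).
fw_verdict() {
  n=$(fw_managing "$1" | sed '/^$/d' | wc -l | tr -d ' ')
  case "$n" in
    1) echo ok ;;
    0) echo none ;;
    *) echo multiple ;;
  esac
}

# Remediation plan for preferred utility $2 given state table $1: stop,
# disable and mask every other front-end that is active or enabled, then
# make sure the preferred one is unmasked, enabled and started.
fw_plan() {
  state="$1"; want="$2"
  for s in $FW_SERVICES; do
    [ "$s" = "$want" ] && continue
    if printf '%s\n' "$state" | awk -v s="$s" \
         '$1 == s && ($2 == "active" || $3 == "enabled") { found = 1 } END { exit !found }'; then
      echo "systemctl stop $s"
      echo "systemctl disable $s"
      echo "systemctl mask $s"
    fi
  done
  echo "systemctl unmask $want"
  echo "systemctl enable $want"
  echo "systemctl start $want"
}

# Usage on a live host:
#   ./fw-audit.sh --live            show state and verdict
#   ./fw-audit.sh --plan iptables   print the commands that would run
#   ./fw-audit.sh --apply iptables  run them (needs root)
case "${1:-}" in
  --live)
    state=$(fw_collect)
    printf '%s\n' "$state"
    echo "verdict: $(fw_verdict "$state")"
    ;;
  --plan)  fw_plan "$(fw_collect)" "${2:-firewalld}" ;;
  --apply) fw_plan "$(fw_collect)" "${2:-firewalld}" | sh -ex ;;
esac
```

The verdict treats "enabled but stopped" as managing rules on purpose: such a unit will load its ruleset at the next boot and recreate the conflict, which a one-off `systemctl status` on a running host can miss.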
Backout Plan:
Using Linux command line:
1. Re-enable the previously disabled firewall utility if required (reinstall the package first if it was removed, and unmask the unit if it was masked):
systemctl enable firewalld
systemctl start firewalld
2. Stop and disable the utility that replaced it so the conflict is not reintroduced, then verify the service status and that the expected rules are loaded.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Firewalld Documentation
iptables Documentation