Rule ID
SV-279586r1192556_rule
Version
V1R1
Discussion
Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.

Satisfies: SRG-OS-000480-GPOS-00232, SRG-OS-000368-GPOS-00154, SRG-OS-000370-GPOS-00155
Check Text
1. Verify AOS, Prism Central, and Files have "fapolicyd" installed and configured for a deny-all, permit-by-exception policy using the following commands.

$ sudo systemctl status fapolicyd.service
fapolicyd.service - File Access Policy Daemon
Loaded: loaded (/usr/lib/systemd/system/fapolicyd.service; enabled; vendor preset: disabled)
Active: active (running)

$ sudo grep permissive /etc/fapolicyd/fapolicyd.conf
permissive = 0

$ sudo tail /etc/fapolicyd/compiled.rules
deny_audit perm=any pattern=ld_so : all
deny_audit perm=any all : ftype=application/x-bad-elf
allow perm=open all : ftype=application/x-sharedlib trust=1
deny perm=any all : all

2. For AHV, verify the iptables service is "Loaded" and "Active".

$ sudo service iptables status
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2021-08-02 15:02:12 CDT; 2 weeks 6 days ago
Main PID: 1250 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service

3. If IPv6 is in use, run the following command.

$ sudo service ip6tables status
ip6tables.service - IPv6 firewall with ip6tables
Loaded: loaded (/usr/lib/systemd/system/ip6tables.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2021-08-02 15:02:12 CDT; 2 weeks 6 days ago
Main PID: 1313 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ip6tables.service

If an application firewall is not installed, not enabled, or not configured, this is a finding.
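The two fapolicyd conditions in step 1 (permissive mode off, and a trailing catch-all deny rule) are easy to misread by eye on a long rule file. The following POSIX shell functions automate that part of the check; they are an added example, not part of the STIG, and the function names and the sample files are my own. Point them at /etc/fapolicyd/fapolicyd.conf and /etc/fapolicyd/compiled.rules on a live system; here they run against constructed copies of the expected output.

```shell
#!/bin/sh
# Added example (not STIG text): offline evaluation of the fapolicyd settings
# inspected in check step 1. File paths are parameters so the functions work
# on the real /etc/fapolicyd files or on the constructed samples below.

# Returns 0 when "permissive = 0" (enforcing) is set, 1 otherwise.
fapolicyd_enforcing() {
    # tolerate "permissive=0" as well as "permissive = 0"
    grep -E '^[[:space:]]*permissive[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1" >/dev/null 2>&1
}

# Returns 0 when the last non-comment rule is the catch-all
# "deny perm=any all : all" (deny-all, permit by exception), 1 otherwise.
fapolicyd_default_deny() {
    last=$(grep -Ev '^[[:space:]]*(#|$)' "$1" | tail -n 1 \
           | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
    [ "$last" = "deny perm=any all : all" ]
}

# Prints "pass" when both conditions hold, otherwise "finding".
fapolicyd_check() {
    if fapolicyd_enforcing "$1" && fapolicyd_default_deny "$2"; then
        echo pass
    else
        echo finding
    fi
}

# Constructed sample files mirroring the expected output in the check text.
tmp=$(mktemp -d)
printf 'permissive = 0\n' > "$tmp/good.conf"
printf 'permissive = 1\n' > "$tmp/bad.conf"      # daemon only logs, never blocks
cat > "$tmp/good.rules" <<'EOF'
deny_audit perm=any pattern=ld_so : all
deny_audit perm=any all : ftype=application/x-bad-elf
allow perm=open all : ftype=application/x-sharedlib trust=1
deny perm=any all : all
EOF
# Same rules with a permit-all appended: no longer deny by default.
{ cat "$tmp/good.rules"; echo 'allow perm=any all : all'; } > "$tmp/bad.rules"

for pair in good.conf:good.rules bad.conf:good.rules good.conf:bad.rules; do
    conf=${pair%%:*}; rules=${pair##*:}
    printf '%-9s %-10s -> %s\n' "$conf" "$rules" \
        "$(fapolicyd_check "$tmp/$conf" "$tmp/$rules")"
done
```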
Fix Text
1. For AOS, configure fapolicyd.service using the following command.

$ sudo salt-call state.sls security/CVM/fapolicydCVM.sls

2. For Prism Central, configure fapolicyd.service using the following command.

$ sudo salt-call state.sls security/PCVM/fapolicydPCVM.sls

3. For Files, configure fapolicyd.service using the following command.

$ sudo salt-call state.sls security/AFS/fapolicydAFS.sls

4. Configure AHV to restrict the use of SSH using the following command.

$ sudo salt-call state.sls security/KVM/iptables/init