Lynis Controls - Firewall



Security Controls

[FIRE-4512] Empty iptables ruleset
Category: Firewall

Lynis checks whether iptables is available and whether its ruleset is non-empty. An empty ruleset might indicate a bad configuration or a missing ruleset on the system.

Cfengine  Chef  Shell script  Puppet
-         -     tick          -

Effort: 1 2 3 4 5
Risk:   1 2 3 4 5

[FIRE-4513] Unused iptables rules
Category: Firewall

This control checks which iptables rules are currently not being used. Proper maintenance of firewall rules is essential for accurate and proper filtering of network traffic. Regularly checking that the rulesets work properly helps limit traffic to the bare minimum and decreases the general risk of unauthorized connections. Note: some rules might have no hits while still being applicable. Before removing rules, make sure that the monitoring period is long enough.

Cfengine  Chef  Shell script  Puppet
-         -     tick          -

Effort: 1 2 3 4 5
Risk:   1 2 3 4 5

[FIRE-4590] Active firewall
Category: Firewall

Depending on the type of system and sensitivity of the data being stored and processed, a firewall is advised.

Cfengine  Chef  Shell script  Puppet
tick      tick  -             tick

Effort: 1 2 3 4 5
Risk:   1 2 3 4 5