Lynis security controls


FIRE-4512FirewallEmpty iptables ruleset

Lynis checks for the availability of IPtables, but also if the ruleset is not empty. This might indicate bad configuration or a missing ruleset on the system.

FIRE-4513FirewallUnused iptables rules

This control checks what iptables rules are currently not being used. Proper maintenance of firewall rules is essential for accuracy and proper network traffic filtering. Regular checks on the proper working and rule-sets help in limiting traffic to the bare minimum and decrease general risk of unauthorized connections.

Note: Some rules might have no hits, while still being applicable. Before removing rules, make sure that the time to monitor is long enough.

FIRE-4590FirewallActive firewall

Depending on the type of system and sensitivity of the data being stored and processed, a firewall is advised.