Closed 72nomada closed 1 year ago
Target version | Related issue | Related PR |
---|---|---|
4.4.0 | #3390 | https://github.com/wazuh/wazuh/pull/15051 |

Check ID | Check Name | Implemented | Ready for review | QA review |
---|---|---|---|---|
3.5 | Firewall Configuration | ⚫ | ||
3.5.1 | Configure UncomplicatedFirewall | ⚫ | ||
3.5.1.1 | Ensure ufw is installed (Automated) | 🟢 | ||
3.5.1.2 | Ensure iptables-persistent is not installed with ufw (Automated) | 🟢 | ||
3.5.1.3 | Ensure ufw service is enabled (Automated) | 🟢 | ||
3.5.1.4 | Ensure ufw loopback traffic is configured (Automated) | 🟢 | ||
3.5.1.5 | Ensure ufw outbound connections are configured (Manual) | 🔴 | Not implemented | |
3.5.1.6 | Ensure ufw firewall rules exist for all open ports (Automated) | 🔴 | Not implemented | |
3.5.1.7 | Ensure ufw default deny firewall policy (Automated) | 🟢 | ||
3.5.2 | Configure nftables | ⚫ | ||
3.5.2.1 | Ensure nftables is installed (Automated) | 🟢 | ||
3.5.2.2 | Ensure ufw is uninstalled or disabled with nftables (Automated) | 🔴 | Not implemented | |
3.5.2.3 | Ensure iptables are flushed with nftables (Manual) | 🔴 | Not implemented | |
3.5.2.4 | Ensure a nftables table exists (Automated) | 🟢 | ||
3.5.2.5 | Ensure nftables base chains exist (Automated) | 🟢 | ||
3.5.2.6 | Ensure nftables loopback traffic is configured (Automated) | 🔴 | Not implemented | |
3.5.2.7 | Ensure nftables outbound and established connections are configured (Manual) | 🔴 | Not implemented | |
3.5.2.8 | Ensure nftables default deny firewall policy (Automated) | 🟢 | ||
3.5.2.9 | Ensure nftables service is enabled (Automated) | 🟢 | ||
3.5.2.10 | Ensure nftables rules are permanent (Automated) | 🔴 | Not implemented | |
3.5.3 | Configure iptables | ⚫ | ||
3.5.3.1 | Configure iptables software | ⚫ | ||
3.5.3.1.1 | Ensure iptables packages are installed (Automated) | 🟢 | ||
3.5.3.1.2 | Ensure nftables is not installed with iptables (Automated) | 🟢 | ||
3.5.3.1.3 | Ensure ufw is uninstalled or disabled with iptables (Automated) | 🟢 | ||
3.5.3.2 | Configure IPv4 iptables | ⚫ | ||
3.5.3.2.1 | Ensure iptables default deny firewall policy (Automated) | 🟢 | ||
3.5.3.2.2 | Ensure iptables loopback traffic is configured (Automated) | 🟢 | ||
3.5.3.2.3 | Ensure iptables outbound and established connections are configured (Manual) | 🔴 | Not implemented | |
3.5.3.2.4 | Ensure iptables firewall rules exist for all open ports (Automated) | 🔴 | Not implemented | |
3.5.3.3 | Configure IPv6 ip6tables | ⚫ | ||
3.5.3.3.1 | Ensure ip6tables default deny firewall policy (Automated) | 🟢 | ||
3.5.3.3.2 | Ensure ip6tables loopback traffic is configured (Automated) | 🟢 | ||
3.5.3.3.3 | Ensure ip6tables outbound and established connections are configured (Manual) | 🔴 | Not implemented | |
3.5.3.3.4 | Ensure ip6tables firewall rules exist for all open ports (Automated) | 🔴 | Not implemented | |

Tester | PR commit |
---|---|
@Rebits | https://github.com/wazuh/wazuh/pull/15051/commits/f1967aa144ec4537fa4eb68f4d9c00241cf065f3 |

OS | OS version | Deployment | Image/AMI | Notes |
---|---|---|---|---|
Ubuntu | Ubuntu 20.04 | EC2 | ami-003530de8839921c4 | |

🟢 | Solved |

All of the reported issues were fixed in this current development.

(1) Errors and improvements in policy checks. 🟢