4.2.1 Ensure ufw is installed

Information

The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall

A firewall utility is required to configure the Linux kernel's netfilter framework via the iptables or nftables back-end.

The Linux kernel's netfilter framework host-based firewall can protect against threats originating from within a corporate network to include malicious mobile code and poorly configured software on a host.

Note: Only one firewall utility should be installed and configured. UFW is dependent on the iptables package

Solution

Run the following command to install Uncomplicated Firewall (UFW):

# apt install ufw

See Also

https://workbench.cisecurity.org/benchmarks/18959

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.4

Plugin: Unix

Control ID: 028078807020fc3f4acb3a7d09c6b8a8e798074f19eeeeb1f8a1881b318683e9