Verify Permissions On /etc/iptables Directory
An XCCDF Rule
Description
To properly set the permissions of /etc/iptables, run the command:
$ sudo chmod 0600 /etc/iptables
Rationale
Setting correct permissions on the /etc/iptables directory is important because this directory hosts iptables configuration. Protection of this directory is critical for system security. Restricting the permissions ensures exclusive control of the iptables configuration.
- ID
- xccdf_org.ssgproject.content_rule_directory_permissions_etc_iptables
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- configure_strategy
- directory_permissions_etc_iptables
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q iptables; then
find -H /etc/iptables/ -maxdepth 1 -perm /u+xs,g+xwrs,o+xwrt -type d -exec chmod u-xs,g-xwrs,o-xwrt {} \;
else