Verify Permissions On /etc/nftables Directory
An XCCDF Rule
Description
To properly set the permissions of /etc/nftables, run the command:
$ sudo chmod 0700 /etc/nftables
Rationale
Setting correct permissions on the /etc/nftables directory is important because this directory hosts nftables configuration. Protection of this directory is critical for system security. Restricting the permissions ensures exclusive control of the nftables configuration.
- ID
- xccdf_org.ssgproject.content_rule_directory_permissions_etc_nftables
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q nftables; then
find -H /etc/nftables/ -maxdepth 1 -perm /u+s,g+xwrs,o+xwrt -type d -exec chmod u-s,g-xwrs,o-xwrt {} \;
else
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-86318-3
- configure_strategy