Verify nftables Service is Enabled
An XCCDF Rule
Description
The nftables service allows for the loading of nftables rulesets during boot, or starting on the nftables service Thenftables service can be enabled with the following command:
$ sudo systemctl enable nftables.service
Rationale
The nftables service restores the nftables rules from the rules files referenced
in the /etc/sysconfig/nftables.conf file during boot or the starting of
the nftables service
- ID
- xccdf_org.ssgproject.content_rule_service_nftables_enabled
- Severity
- Medium
- References
- Updated
Remediation Templates
A Puppet Snippet
include enable_nftables
class enable_nftables {
service {'nftables':
enable => true,
ensure => 'running',
}
}
An Ansible Snippet
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-86725-9
- enable_strategyscript:kickstart
service enable nftables
OS Build Blueprint
[customizations.services]
enabled = ["nftables"]
A Shell Script
# Remediation is applicable only in certain platforms
if ( rpm --quiet -q nftables && rpm --quiet -q kernel ); then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'nftables.service'
"$SYSTEMCTL_EXEC" start 'nftables.service'
"$SYSTEMCTL_EXEC" enable 'nftables.service'