Disable Chromium's Ability to Traverse Firewalls

An XCCDF Rule

Details
Profiles

Description

Chromium has the ability to bypass and ignore the system firewall. This ability should be disabled. To disable this setting, set RemoteAccessHostFirewallTraversal to false in the Chromium policy file.

Rationale

Remote connections should never be allowed to bypass the system firewall as there is no way to verify if they can be trusted.

ID: xccdf_org.ssgproject.content_rule_chromium_disable_firewall_traversal
Severity: Unknown
References: DTBC0001
Updated: over 1 year ago

Remediation Templates

if ! grep -q RemoteAccessHostFirewallTraversal /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'RemoteAccessHostFirewallTraversal'": 'false',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'RemoteAccessHostFirewallTraversal'.*/\"'RemoteAccessHostFirewallTraversal'\": 'false',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Disable Chromium's Ability to Traverse Firewalls

Description

Rationale

Remediation Templates

A Shell Script