Add better firewall detection for applying automated hardening
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Security Certifications |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Release: 20.04
In this case rule 3.5.3.1.3, but from what I can gather this also applies to the 3.5.x forks as well.
---
The memcached charm relies on ufw during the install hook. The current implementation of this rule removes ufw and causes a failure during the install hook.
Workaround (not accepted by Field) is to use custom rulesets as outlined here:
https:/
Another workaround (not accepted by Solutions-QA) is to manually apply remediation:
Set xccdf_com.
As stated in the documentation, the USG only supports iptables as the firewall of choice. Newer versions of the USG may support other fw technologies, but to make this specific one support would require significate overhaul of the scripts.