Activity log for bug #2061213

Date Who What changed Old value New value Message
2024-04-13 11:41:24 Przemyslaw Hausman bug added bug
2024-04-13 11:58:01 Przemyslaw Hausman summary Check ip6tables_rules_for_open_ports.sh incorrectly incorrectly parses output of `ip6tables -L INPUT -v -n` Check ip6tables_rules_for_open_ports.sh incorrectly parses output of `ip6tables -L INPUT -v -n`
2024-04-13 12:33:24 Przemyslaw Hausman description
Old value:
Check /usr/share/ubuntu-scap-security-guides/1/benchmarks/ubuntu2204/checks/sce/ip6tables_rules_for_open_ports.sh incorrectly parses the output of `ip6tables -L INPUT -v -n`. As a result, ip6tables_rules_for_open_ports.sh check returns incorrect return value, marking the rule failed.

I have the system with the following opened ports:

```
# ss -6tuln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 [fc00:722d:3a95:450e:f816:3eff:fe96:aedf]:5555 [::]:*
udp UNCONN 0 0 [::]:6081 [::]:*
tcp LISTEN 0 1024 [::1]:11211 [::]:*
tcp LISTEN 0 100 [::1]:25 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 511 *:443 *:*
tcp LISTEN 0 511 *:9856 *:*
tcp LISTEN 0 511 *:9866 *:*
tcp LISTEN 0 4096 *:9876 *:*
```

On this system, running the check fails because:

```
# ss -6tuln | awk '($5!~/%lo:/ && $5!~/127.0.0.1:/ && $5!~/::1/) {split($5, a, ":"); print a[2]}i' | sort | uniq
443
722d <---- THIS IS INCORRECT
80
9856
9866
9876
```

New value:
usg version: 22.04.6

Check /usr/share/ubuntu-scap-security-guides/1/benchmarks/ubuntu2204/checks/sce/ip6tables_rules_for_open_ports.sh incorrectly parses the output of `ip6tables -L INPUT -v -n`. As a result, ip6tables_rules_for_open_ports.sh check returns incorrect return value, marking the rule failed.

I have the system with the following opened ports:

```
# ss -6tuln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 [fc00:722d:3a95:450e:f816:3eff:fe96:aedf]:5555 [::]:*
udp UNCONN 0 0 [::]:6081 [::]:*
tcp LISTEN 0 1024 [::1]:11211 [::]:*
tcp LISTEN 0 100 [::1]:25 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 511 *:443 *:*
tcp LISTEN 0 511 *:9856 *:*
tcp LISTEN 0 511 *:9866 *:*
tcp LISTEN 0 4096 *:9876 *:*
```

On this system, running the check fails because:

```
# ss -6tuln | awk '($5!~/%lo:/ && $5!~/127.0.0.1:/ && $5!~/::1/) {split($5, a, ":"); print a[2]}i' | sort | uniq
443
722d <---- THIS IS INCORRECT
80
9856
9866
9876
```
2024-04-18 06:39:12 Miha Purg usg: status New Confirmed
2024-04-18 06:39:15 Miha Purg usg: assignee Miha Purg (mihap)
2024-04-18 07:32:41 Miha Purg usg: status Confirmed In Progress
2024-04-18 18:01:21 Miha Purg usg: status In Progress Fix Committed
2024-06-18 16:21:13 Miha Purg usg: status Fix Committed Fix Released
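
The parsing failure described in the report, reproduced offline as an added example (not code from the report, and not the fix that was committed to usg). The sample rows are copied from the report's `ss -6tuln` listing; the function names and the last-field extraction are assumptions made here to show why taking the second `:`-separated piece breaks on bracketed IPv6 addresses.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical.
LC_ALL=C; export LC_ALL

# Rows copied from the `ss -6tuln` listing in the report (subset).
sample_ss() {
cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 [fc00:722d:3a95:450e:f816:3eff:fe96:aedf]:5555 [::]:*
udp UNCONN 0 0 [::]:6081 [::]:*
tcp LISTEN 0 100 [::1]:25 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 511 *:443 *:*
EOF
}

# Extraction as quoted in the report: split column 5 on ":" and print the
# SECOND piece. For "*:80" that is the port; for a bracketed IPv6 address
# it is the second group of the address (or an empty string for "[::]").
ports_second_field() {
    awk '($5!~/%lo:/ && $5!~/127.0.0.1:/ && $5!~/::1/) {split($5, a, ":"); print a[2]}' \
        | sort | uniq
}

# Assumed alternative: same loopback filter, but print the LAST piece, which
# is the port regardless of how many colons the address contains. The numeric
# test drops the header row and anything that is not a port number.
ports_last_field() {
    awk '($5!~/%lo:/ && $5!~/127.0.0.1:/ && $5!~/::1/) {
             n = split($5, a, ":")
             if (a[n] ~ /^[0-9]+$/) print a[n]
         }' | sort -n | uniq
}

echo "second field (as in the report):"
sample_ss | ports_second_field
echo "last field (added alternative):"
sample_ss | ports_last_field
```
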