- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
The ufw
package can be installed with the following command:
$ apt-get install ufw
ufw
controls the Linux kernel network packet filtering
code. ufw
allows system operators to set up firewalls and IP
masquerading, etc.
The following script can be run on the host to remediate the issue.
#!/bin/bash
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
DEBIAN_FRONTEND=noninteractive apt-get install -y "ufw"
else
>&2 echo 'Remediation is not applicable, nothing was done'
fi
The following playbook can be run with Ansible to remediate the issue.
- name: Ensure ufw is installed
package:
name: ufw
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
- DISA-STIG-UBTU-20-010433
- enable_strategy
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- package_ufw_installed