Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cis-dil-benchmark-3.5.1.3 and cis-dil-benchmark-3.5.2.3 should include conntrack module #118

Open
fargburger opened this issue Jan 13, 2022 · 0 comments
Open

cis-dil-benchmark-3.5.1.3 and cis-dil-benchmark-3.5.2.3 should include conntrack module #118

fargburger opened this issue Jan 13, 2022 · 0 comments

Comments

@fargburger
Copy link
Contributor

Is your feature request related to a problem? Please describe.
cis benchmarks show false negative errors, conntrack is equivalent or better than state module for iptables.

Describe the solution you'd like
Running inspec against ubuntu devices using conntrack module for connection tracking should validate

-m conntrack --ctstate NEW,ESTABLISHED
as well as
-m state --state NEW,ESTABLISHED

Describe alternatives you've considered
Add -m state after -m conntrack works, but adds unnecessary lines to iptables

Additional context
Add any other context or screenshots about the feature request here.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fargburger