Rules Related To 'libreswan'

Component overview

Relevant packages:

Relevant groups:

Changelog:

No changes recorded.

Relevant rules:

Rule details

Verify Group Who Owns /etc/ipsec.d Directory

directory_groupowner_etc_ipsecd

Description

To properly set the group owner of /etc/ipsec.d, run the command:

$ sudo chgrp root /etc/ipsec.d

Rationale

The ownership of the /etc/ipsec.d directory by the root group is important because this directory hosts Libreswan configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the Libreswan configuration.

Verify User Who Owns /etc/ipsec.d Directory

directory_owner_etc_ipsecd

Description

To properly set the owner of /etc/ipsec.d, run the command:

$ sudo chown root /etc/ipsec.d 

Rationale

The ownership of the /etc/ipsec.d directory by the root user is important because this directory hosts Libreswan configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the Libreswan configuration.

Verify Permissions On /etc/ipsec.d Directory

directory_permissions_etc_ipsecd

Description

To properly set the permissions of /etc/ipsec.d, run the command:

$ sudo chmod 0700 /etc/ipsec.d

Rationale

Setting correct permissions on the /etc/ipsec.d directory is important because this directory hosts Libreswan configuration. Protection of this directory is critical for system security. Restricting the permissions ensures exclusive control of the Libreswan configuration.

Verify Group Who Owns /etc/ipsec.conf File

file_groupowner_etc_ipsec_conf

Description

To properly set the group owner of /etc/ipsec.conf, run the command:

$ sudo chgrp root /etc/ipsec.conf

Rationale

The ownership of the /etc/ipsec.conf file by the root group is important because this file hosts Libreswan configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the Libreswan configuration.

Verify Group Who Owns /etc/ipsec.secrets File

file_groupowner_etc_ipsec_secrets

Description

To properly set the group owner of /etc/ipsec.secrets, run the command:

$ sudo chgrp root /etc/ipsec.secrets

Rationale

The ownership of the /etc/ipsec.secrets file by the root group is important because this file hosts Libreswan configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the Libreswan configuration.

Verify User Who Owns /etc/ipsec.conf File

file_owner_etc_ipsec_conf

Description

To properly set the owner of /etc/ipsec.conf, run the command:

$ sudo chown root /etc/ipsec.conf 

Rationale

The ownership of the /etc/ipsec.conf file by the root user is important because this file hosts Libreswan configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the Libreswan configuration.

Verify User Who Owns /etc/ipsec.secrets File

file_owner_etc_ipsec_secrets

Description

To properly set the owner of /etc/ipsec.secrets, run the command:

$ sudo chown root /etc/ipsec.secrets 

Rationale

The ownership of the /etc/ipsec.secrets file by the root user is important because this file hosts Libreswan configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the Libreswan configuration.

Verify Permissions On /etc/ipsec.conf File

file_permissions_etc_ipsec_conf

Description

To properly set the permissions of /etc/ipsec.conf, run the command:

$ sudo chmod 0644 /etc/ipsec.conf

Rationale

Setting correct permissions on the /etc/ipsec.conf file is important because this file hosts Libreswan configuration. Protection of this file is critical for system security. Restricting the permissions ensures exclusive control of the Libreswan configuration.

Verify Permissions On /etc/ipsec.secrets File

file_permissions_etc_ipsec_secrets

Description

To properly set the permissions of /etc/ipsec.secrets, run the command:

$ sudo chmod 0644 /etc/ipsec.secrets

Rationale

Setting correct permissions on the /etc/ipsec.secrets file is important because this file hosts Libreswan configuration. Protection of this file is critical for system security. Restricting the permissions ensures exclusive control of the Libreswan configuration.

Verify Any Configured IPSec Tunnel Connections

libreswan_approved_tunnels

Description

Libreswan provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. As such, IPsec can be used to circumvent certain network requirements such as filtering. Verify that if any IPsec connection (conn) configured in /etc/ipsec.conf and /etc/ipsec.d exists is an approved organizational connection.

Rationale

IP tunneling mechanisms can be used to bypass network filtering.

Install libreswan Package

package_libreswan_installed

Description

The libreswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. The libreswan package can be installed with the following command:

$ sudo dnf install libreswan

Rationale

Providing the ability for remote users or systems to initiate a secure VPN connection protects information when it is transmitted over a wide area network.

Install strongswan Package

package_strongswan_installed

Description

The Strongswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. The strongswan package can be installed with the following command:

$ sudo dnf install strongswan

Rationale

Providing the ability for remote users or systems to initiate a secure VPN connection protects information when it is transmitted over a wide area network.