Check: GEN006580
HP-UX 11.23 STIG:
GEN006580
(in version v1 r8)
Title
The system must use an access control program. (Cat II impact)
Discussion
Access control programs (such as TCP_WRAPPERS) provide the ability to enhance system security posture.
Check Content
Locate the inetd.conf file (normally located within the /etc directory). # find /etc -type f -name inetd.conf Determine if TCP_WRAPPERS is used. The following example demonstrates one possible single inetd.conf line first without and then with the service tcp wrapped. telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd telnet stream tcp6 nowait root /usr/sbin/tcpd telnetd # cat <path>/inetd.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' |grep -v "^#" | grep tcpd If there are unwrapped active services listed, this is a finding.
Fix Text
Edit /etc/inetd.conf and use tcpd to wrap active services.
Additional Identifiers
Rule ID: SV-35198r1_rule
Vulnerability ID: V-940
Group Title: GEN006580
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |