Check: GEN003940
HP-UX 11.31 STIG:
GEN003940
(in versions v1 r19 through v1 r13)
Title
The hosts.lpd (or equivalent) must have mode 0644 or less permissive. (Cat II impact)
Discussion
Excessive permissions on the hosts.lpd (or equivalent) file may permit unauthorized modification. Unauthorized modifications could disrupt access to local printers from authorized remote hosts or permit unauthorized remote access to local printers.
Check Content
Locate any print service configuration file(s) on the system. HP vendor documentation identifies the following names and locations of print service configuration files on the system that can be checked via the following commands: # ls -lL /var/spool/lp/.rhosts # ls -lL /var/adm/inetd.sec # ls -lL /etc/hosts.equiv If no print service configuration file is found, this is not a finding. Check the mode of the print service configuration file. # ls -lL <print service configuration file> If the mode of the print service configuration file is more permissive than 0644, this is a finding.
Fix Text
Change the mode of the /etc/hosts.lpd file (or equivalent) to 0644 or less permissive. Procedure: # chmod 0644 <print service configuration file>
Additional Identifiers
Rule ID: SV-35148r1_rule
Vulnerability ID: V-829
Group Title: GEN003940
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000225 |
Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned organizational tasks. |
Controls
| Number | Title |
|---|---|
| AC-6 |
Least Privilege |