Check: GEN003900
HP-UX 11.31 STIG:
GEN003900
(in versions v1 r19 through v1 r13)
Title
The hosts.lpd file (or equivalent) must not contain a "+" character. (Cat II impact)
Discussion
Having the "+" character in the hosts.lpd (or equivalent) file allows all hosts to use local system print resources.
Check Content
Look for the presence of a print service configuration file. The hosts.lpd file is not used on HP, only inetd.sec, hosts.equiv, and/or the system (lp) .rhosts will apply. When rlpdaemon is started via inetd, access control is provided via the fileinetd.sec to allow or prevent a host from making print requests. When rlpdaemon is started at boot via a run command file, all requests must come from one of the machines listed in the file /etc/hosts.equiv or /var/spool/lp/.rhosts. Procedure: First, determine the rlpdaemon startup method: 1) Print services started via inetd? # cat /etc/inetd.conf | grep -v "^#" | grep -c rlpdaemon If the above command return value is 1, check the services file. # cat /etc/services | grep -v "^#" | grep printer | grep -c spooler If the above command return value is 1, check the inetd.sec file. # cat /var/adm/inetd.sec | grep -v "^#" | tr '\011' ' ' | tr -s ' ' | grep printer | grep allow | grep -c "\+" If the above command return value is 1, this is a finding. 2) The rlpdaemon is started as a service, and not via inetd. Verify neither the /etc/hosts.equiv nor /var/spool/lp/.rhosts contains a "+": # cat /etc/hosts.equiv | grep -v "^#" | grep -c "\+" # cat /var/spool/lp/.rhosts | grep -v "^#" | grep -c "\+" If the return value of either of the above two command(s) is 1, this is a finding. If none of the files are found, this check should be marked not a finding. Otherwise, examine the configuration file. # more <print service file> Check for entries containing a "+" or "_" character. If any are found, this is a finding.
Fix Text
Remove the "+" entries from the hosts.lpd (or equivalent) file.
Additional Identifiers
Rule ID: SV-35140r1_rule
Vulnerability ID: V-827
Group Title: GEN003900
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |