Check: GEN003920
HP-UX 11.31 STIG:
GEN003920
(in versions v1 r19 through v1 r13)
Title
The hosts.lpd (or equivalent) file must be owned by root, bin, sys, or lp. (Cat II impact)
Discussion
Failure to give ownership of the hosts.lpd file to root, bin, sys, or lp provides the designated owner, and possible unauthorized users, with the potential to modify the hosts.lpd file. Unauthorized modifications could disrupt access to local printers from authorized remote hosts or permit unauthorized remote access to local printers.
Check Content
Locate any print service configuration file(s) on the system. HP vendor documentation identifies the following names and locations of print service configuration files on the system that can be checked via the following commands: # ls -lL /var/spool/lp/.rhosts # ls -lL /var/adm/inetd.sec # ls -lL /etc/hosts.equiv If no print service configuration file is found, this is not a finding. Check the ownership of the print service configuration file(s). # ls -lL <print service configuration file> If the owner of the file is not root, sys, bin, or lp, this is a finding.
Fix Text
Change the owner of the /etc/hosts.lpd file (or equivalent) to root, lp, or another privileged UID. # chown root <print service configuration file>
Additional Identifiers
Rule ID: SV-35143r1_rule
Vulnerability ID: V-828
Group Title: GEN003920
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
Number | Title |
---|---|
AC-6 |
Least Privilege |