Title

The system must use an access control program. (Cat II impact)

Discussion

Access control programs (such as TCP_WRAPPERS) provide the ability to enhance system security posture.

Check Content

Locate the inetd.conf file (normally located within the /etc directory). # find /etc -type f -name inetd.conf Determine if TCP_WRAPPERS is used. The following example demonstrates one possible single inetd.conf line first without and then with the service tcp wrapped. telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd telnet stream tcp6 nowait root /usr/sbin/tcpd telnetd # cat <path>/inetd.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' |grep -v "^#" | grep tcpd If there are unwrapped active services listed, this is a finding.

Fix Text

Edit /etc/inetd.conf and use tcpd to wrap active services.

Additional Identifiers

Rule ID: SV-35198r1_rule

Vulnerability ID: V-940

Group Title: GEN006580

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.