Skip to content

TCP Wrappers must be enabled and configured per site policy to only allow access by approved hosts and services.

An XCCDF Rule

Description

<VulnDiscussion>TCP Wrappers are a host-based access control system that allows administrators to control who has access to various network services based on the IP address of the remote end of the connection. TCP Wrappers also provide logging information via syslog about both successful and unsuccessful connections.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-216083r959010_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

The root role is required.

To enable TCP Wrappers, run the following commands:

1. Create and customize your policy in /etc/hosts.allow:
# echo "ALL: [net]/[mask], [net]/[mask], ..." > /etc/hosts.allow