The system must implement TCP Wrappers.

An XCCDF Rule

Description

<VulnDiscussion>TCP Wrappers is a host-based access control system that allows administrators to control who has access to various network services based on the IP address of the remote end of the connection. TCP Wrappers also provides logging information via syslog about both successful and unsuccessful connections. TCP Wrappers provides granular control over what services can be accessed over the network. Its logs show attempted access to services from non-authorized systems, which can help identify unauthorized access attempts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216144r959010_rule
Severity: Low
References: CCI-000366
Updated: 17 days ago

The root role is required.

Configure allowed and denied hosts per organizational policy.

1. Create and customize the policy in /etc/hosts.allow:
# echo "ALL: [net]/[mask] , [net]/[mask], ..." > /etc/hosts.allow

where each [net>/[mask> combination (for example, the Class C address block "192.168.1.0/255.255.255.0") can represent one network block in use by the organization that requires access to this system.

2. Create a default deny policy in /etc/hosts.deny: # echo "ALL: ALL" >/etc/hosts.deny

3. Enable TCP Wrappers for all services started by inetd: 

# inetadm -M tcp_wrappers=TRUE

The system must implement TCP Wrappers.

Description

Remediation - Manual Procedure