Ensure /etc/hosts.deny is configured

An XCCDF Rule

Description

The file /etc/hosts.deny together with /etc/hosts.allow provides a simple access control mechanism for network services supporting TCP wrappers. The following line in the file ensures that access to services supporting this mechanism is denied to any clients not mentioned in /etc/hosts.allow:

ALL: ALL

Before remediating this rule, inspect the available network services that might be affected by modifying /etc/hosts.deny. If any such services should not be blocked, modify the /etc/hosts.allow file appropriately before performing the remediation.

Functionality Warning

This rule affects all access to services which honor the /etc/hosts.allow and /etc/hosts.deny files. Connections to these services originating from hosts not explicitly mentioned in /etc/hosts.allow will be rejected. To avoid locking down all network access to the system, this rule doesn't perform automated remediation. For information about the manual remediation process, see the rule description.
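
Because remediation is manual, an audit that reports the state of /etc/hosts.deny and lists what /etc/hosts.allow would still admit is useful before adding the line. The script below is an added example, not part of the rule or the SSG project's own check; the function names are hypothetical, the tolerance for whitespace around the colon is an assumption, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample files are constructed.

# Return 0 if FILE has an active (uncommented) "ALL: ALL" line, 2 if unreadable.
has_default_deny() {
    [ -r "$1" ] || return 2
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# Print the active rules of FILE, dropping comments and blank lines.
active_rules() {
    [ -r "$1" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$1" || true
}

# Audit only: report the state and show what hosts.allow would still permit.
audit_tcp_wrappers() {
    deny=${1:-/etc/hosts.deny}
    allow=${2:-/etc/hosts.allow}
    if has_default_deny "$deny"; then
        echo "PASS: $deny contains an active ALL: ALL line"
        return 0
    fi
    echo "FAIL: $deny has no active ALL: ALL line"
    echo "Review first; clients matching these $allow rules would still be admitted:"
    active_rules "$allow" | sed 's/^/    /'
    return 1
}

# Offline run against constructed files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\nsshd: 192.0.2.0/255.255.255.0\n' > "$d/hosts.allow"
    printf '# ALL: ALL\n' > "$d/hosts.deny"          # commented out: must fail
    before=0; audit_tcp_wrappers "$d/hosts.deny" "$d/hosts.allow" || before=$?
    printf 'ALL: ALL\n' >> "$d/hosts.deny"           # manual remediation step
    after=0; audit_tcp_wrappers "$d/hosts.deny" "$d/hosts.allow" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

Calling `audit_tcp_wrappers` with no arguments checks the real /etc/hosts.deny and /etc/hosts.allow; it only reads the files.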

Rationale

Correct configuration in /etc/hosts.deny ensures that clients not explicitly mentioned in /etc/hosts.allow will be unable to connect to services supporting this access control mechanism.

ID
xccdf_org.ssgproject.content_rule_configure_etc_hosts_deny
Severity
Medium
Updated