Uninstall tcpd Package

An XCCDF Rule

Description

The tcpd package can be removed with the following command:

$ sudo zypper remove tcpd

Rationale

Administrators can use TCP wrapper library and daemon for host control over network services. In these implementations, xinetd runs tcpd program, which first looks at the incomming connection as well as the access control lists in the /etc/hosts.allow and /etc/hosts.deny files. Removing the xinetd package decreases the risk of the xinetd service's accidental (or intentional) activation. The removal of tcpd package will support this protective measure in addition.

ID: xccdf_org.ssgproject.content_rule_package_tcp_wrappers_removed
Severity: Low
References: BP28(R1)

11 12 14 15 3 8 9

APO13.01 BAI10.01 BAI10.02 BAI10.03 BAI10.05 DSS01.04 DSS05.02 DSS05.03 DSS05.05 DSS06.06

CCI-000305

164.308(a)(4)(i) 164.308(b)(1) 164.308(b)(3) 164.310(b) 164.312(e)(1) 164.312(e)(2)(ii)

4.3.3.5.1 4.3.3.5.2 4.3.3.5.3 4.3.3.5.4 4.3.3.5.5 4.3.3.5.6 4.3.3.5.7 4.3.3.5.8 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.1 4.3.3.7.2 4.3.3.7.3 4.3.3.7.4 4.3.4.3.2 4.3.4.3.3

SR 1.1 SR 1.10 SR 1.11 SR 1.12 SR 1.13 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.6 SR 1.7 SR 1.8 SR 1.9 SR 2.1 SR 2.2 SR 2.3 SR 2.4 SR 2.5 SR 2.6 SR 2.7 SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.6

A.11.2.6 A.12.1.2 A.12.5.1 A.12.6.2 A.13.1.1 A.13.2.1 A.14.1.3 A.14.2.2 A.14.2.3 A.14.2.4 A.6.2.1 A.6.2.2 A.9.1.2

CM-6(a) CM-7(a) CM-7(b)

PR.AC-3 PR.IP-1 PR.PT-3 PR.PT-4

2.1.1

CCE-92318-5
Updated: about 1 year ago

- name: Ensure tcpd is removed
  package:
    name: tcpd
    state: absent
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:  - CCE-92318-5
  - NIST-800-53-CM-6(a)
  - NIST-800-53-CM-7(a)
  - NIST-800-53-CM-7(b)
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_tcp_wrappers_removed

include remove_tcpd

class remove_tcpd {
  package { 'tcpd':
    ensure => 'purged',
  }}

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

# CAUTION: This remediation script will remove tcpd
#	   from the system, and may remove any packages
#	   that depend on tcpd. Execute this#	   remediation AFTER testing on a non-production
#	   system!

zypper remove -y "tcpd"

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Uninstall tcpd Package

Description

Rationale

Remediation - Ansible

Remediation - Puppet

Remediation - Shell Script