Ensure /etc/hosts.deny is configured
An XCCDF Rule
Description
The file /etc/hosts.deny together with /etc/hosts.allow provides a simple access control mechanism for network services supporting TCP wrappers. The following line in the file ensures that access to services supporting this mechanism is denied to any clients not mentioned in /etc/hosts.allow:

ALL: ALL

It is advised to inspect the available network services which might be affected by modification of the file mentioned above prior to performing the remediation of this rule. If there are services which might be affected and access to them should not be blocked, modify the /etc/hosts.allow file appropriately before performing the remediation.
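An added example, not part of this rule's own content: a shell audit that lists the active rules in hosts.allow for review and then checks hosts.deny for an active ALL: ALL line, as the description advises doing before manual remediation. The function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: review TCP wrappers files before applying the default deny.

# Print active rules: join backslash-continued lines, drop comments and blanks.
active_rules() {
    [ -r "$1" ] || return 0
    sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1" | grep -Ev '^[[:space:]]*(#|$)'
}

# Succeed only if an active rule is exactly "ALL: ALL" (whitespace tolerated).
# A commented-out line or a narrower rule such as "sshd: ALL" does not count.
has_default_deny() {
    active_rules "$1" |
        grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$'
}

# List what hosts.allow still permits, then report on hosts.deny.
audit_tcp_wrappers() {
    deny_file=$1
    allow_file=$2
    echo "Active rules in $allow_file (review before remediation):"
    active_rules "$allow_file" | sed 's/^/  /'
    if has_default_deny "$deny_file"; then
        echo "PASS: $deny_file has an active ALL: ALL line"
    else
        echo "FAIL: $deny_file has no active ALL: ALL line"
        return 1
    fi
}

# Constructed sample files so the example runs offline. On a real host call:
#   audit_tcp_wrappers /etc/hosts.deny /etc/hosts.allow
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'sshd: 192.0.2.' > "$demo_dir/hosts.allow"
printf '%s\n' '# ALL: ALL' 'ALL : ALL' > "$demo_dir/hosts.deny"
audit_tcp_wrappers "$demo_dir/hosts.deny" "$demo_dir/hosts.allow"
rm -r "$demo_dir"
```

The check is deliberately strict: a rule with extra options after the client list is reported as FAIL and should be reviewed by hand.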
Functionality Warning
This rule affects all access to services which honor the /etc/hosts.allow and /etc/hosts.deny files. Connections to services originating from hosts not explicitly mentioned in /etc/hosts.allow will be rejected. To avoid locking down all network access to the system, this rule doesn't perform automated remediation. For information about the manual process of remediation, see the rule description.
Rationale
Correct configuration in /etc/hosts.deny ensures that clients not explicitly mentioned in /etc/hosts.allow will not be able to connect to services supporting this access control mechanism.
- ID: xccdf_org.ssgproject.content_rule_configure_etc_hosts_deny
- Severity: Medium
- References
- Updated