3.3.5 Ensure permissions on /etc/hosts.deny are configured

Information

The /etc/hosts.deny file contains network information that is used by many system applications and therefore must be readable for these applications to operate.

Rationale:

It is critical to ensure that the /etc/hosts.deny file is protected from unauthorized write access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following commands to set permissions on /etc/hosts.deny :

# chown root:root /etc/hosts.deny
# chmod 644 /etc/hosts.deny

See Also

https://workbench.cisecurity.org/files/2619

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|3.1, CSCv7|5.1

Plugin: Unix

Control ID: 0879ad98089ca18461b58edd5c2bac555fc0bd576aed58073aad0784bb62027e