3.3.5 Ensure permissions on /etc/hosts.deny are configured

Information

The /etc/hosts.deny file contains network information that is used by many system
applications and therefore must be readable for these applications to operate.

Rationale:

It is critical to ensure that the /etc/hosts.deny file is protected from unauthorized write
access. Although it is protected by default, the file permissions could be changed either
inadvertently or through malicious actions.

Solution

Run the following commands to set permissions on /etc/hosts.deny :

# chown root:root /etc/hosts.deny
# chmod 644 /etc/hosts.deny

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|5.1, CSCv7|5.1

Plugin: Unix

Control ID: a6e6807ccb11a2ea534e146eb3900d5bb7879416ab90e164b5520a6a3d16bf47