2.1 Configure TCP Wrappers

Information

TCP Wrappers is a host-based access control system that allows administrators to control who has access to various network services based on the IP address of the remote end of the connection. TCP Wrappers also provide logging information via syslog about both successful and unsuccessful connections.

Rationale:

TCP Wrappers provides granular control over what services can be accessed over the network. Its logs show attempted access to services from non-authorized systems, which can help identify unauthorized access attempts.

Solution

To enable TCP Wrappers, run the following commands:

Create and customize your policy in /etc/hosts.allow:

# echo 'ALL: <net>/<mask>, <net/<mask>, ...' > /etc/hosts.allow

where each / combination (for example, the Class C address block '192.168.1.0/255.255.255.0') can represent one network block in use by your organization that requires access to this system.

Create a default deny policy in /etc/hosts.deny:

# echo 'ALL: ALL' >/etc/hosts.deny

Enable TCP Wrappers for all services started by inetd:

# inetadm -M tcp_wrappers=TRUE

To protect only specific inetd services, use the command:

# inetadm -m [FMRI] tcp_wrappers=TRUE

where [FMRI] is the service to protect.
To enable TCP Wrappers for the RPC port mapping service, use the commands:

# svccfg -s rpc/bind setprop config/enable_tcpwrappers=true

# svcadm refresh rpc/bind

To protect UDP and RPC-based services that are spawned from inetd, consider implementing a host-based firewall. Oracle Solaris PF firewall (a.k.a. PF) has replaced Solaris IP Filter (IPF) in Solaris 11.4. See firewall(5) for more information.

See Also

https://workbench.cisecurity.org/benchmarks/4777

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.4

Plugin: Unix

Control ID: aedd492b547c41b1623c438785543debb531560f1668fa45a50889300f4728fd