3.4.5 Ensure permissions on /etc/hosts.deny are configured

Information

The /etc/hosts.deny file contains network information that is used by many system applications and therefore must be readable for these applications to operate.

Rationale:

It is critical to ensure that the /etc/hosts.deny file is protected from unauthorized write access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following commands to set permissions on /etc/hosts.deny :

# chown root:root /etc/hosts.deny
# chmod 644 /etc/hosts.deny

See Also

https://workbench.cisecurity.org/files/3738

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 74afd8d13e0d9cd4f26080e7d1b44d14c32a2a125414308d9379fc30c5c85e66