2.4 Configure TCP Wrappers - Make sure that /etc/hosts.deny does exist.

Information

TCP Wrappers is a host-based access control system that allows administrators to control who has access to various network services based on the IP address of the remote end of the connection. TCP Wrappers also provide logging information via syslog about both successful and unsuccessful connections. Rather than enabling TCP Wrappers for all services with 'inetadm -M ...', the administrator has the option of enabling TCP Wrappers for individual services with 'inetadm -m 'svcname' tcp_wrappers=TRUE', where 'svcname' is the name of the specific service that uses TCP Wrappers.

Solution

Please refer to the remediation steps on page 36 of the CIS document.

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: ca433877414fa0ed68d3da0292b9036915a962b8edba7a6fa828110df4926977