3.3.3 Ensure /etc/hosts.deny is configured

Information

The /etc/hosts.deny file specifies which IP addresses are not permitted to connect to the host. It is intended to be used in conjunction with the /etc/hosts.allow file.

Rationale:

The /etc/hosts.deny file serves as a failsafe so that any host not specified in /etc/hosts.allow is denied access to the system.

Solution

Run the following command to create /etc/hosts.deny:

# echo 'ALL: ALL' >> /etc/hosts.deny

Additional Information:

Contents of the /etc/hosts.deny file may include additional options depending on your network configuration.

See Also

https://workbench.cisecurity.org/files/2970

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2, CSCv7|9.4

Plugin: Unix

Control ID: 29181d084ad5c119114f6007a0ade7f32b5bb7f62d8fb673f0dcd221b52c2953