{"description": "\nTo properly set the owner of <code>/etc/hosts.allow</code>, run the command:\n\n  <pre>$ sudo chown root /etc/hosts.allow </pre>\n  ", "rationale": "The <tt>/etc/hosts.allow</tt> file is used to control access of clients to daemons in the\nserver. Insecure groupownership of this file could allow users to grant clients unrestricted\naccess or no access at all to services in the server.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "/etc/hosts.allow does not have an owner of root", "ocil": "To check the ownership of <code>/etc/hosts.allow</code>,\nrun the command:\n<pre>$ ls -lL /etc/hosts.allow</pre>\nIf properly configured, the output should indicate the following owner:\n<code>root</code>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Ownership of /etc/hosts.allow", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_allow/rule.yml", "template": {"name": "file_owner", "vars": {"filepath": "/etc/hosts.allow", "uid_or_name": "0"}, "backends": {}}}