{"description": "\nTo properly set the permissions of <code>/etc/hosts.allow</code>, run the command:\n<pre>$ sudo chmod 0644 /etc/hosts.allow</pre>", "rationale": "The <tt>/etc/hosts.allow</tt> file is used to control access of clients to daemons in the\nserver. Insecure groupownership of this file could allow users to grant clients unrestricted\naccess or no access at all to services in the server.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "/etc/hosts.allow does not have unix mode -rw-r--r--", "ocil": "To check the permissions of <code>/etc/hosts.allow</code>,\nrun the command:\n<pre>$ ls -l /etc/hosts.allow</pre>\nIf properly configured, the output should indicate the following permissions:\n<code>-rw-r--r--</code>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Permissions on /etc/hosts.allow", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_allow/rule.yml", "template": {"name": "file_permissions", "vars": {"filepath": "/etc/hosts.allow", "filemode": "0644"}, "backends": {}}}