{"description": "The file <tt>/etc/hosts.deny</tt> together with <tt>/etc/hosts.allow</tt> provides a\nsimple access control mechanism for network services supporting TCP wrappers.\nThe following line in the file ensures that access to services supporting this mechanism is denied to any clients\nnot mentioned in <tt>/etc/hosts.allow</tt>:\n<pre>ALL: ALL</pre>\nBefore remediating this rule, inspect the available network services that might be affected by modifying the file mentioned above.\nIf there are services that might be affected and access to them should not be blocked,\nmodify the <tt>/etc/hosts.allow</tt> file appropriately before performing the remediation.", "rationale": "Correct configuration in <tt>/etc/hosts.deny</tt> ensures that clients not explicitly mentioned in <tt>/etc/hosts.allow</tt> will be unable to connect to services supporting this access control mechanism.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "access to services supporting TCP wrappers is not properly configured", "ocil": "Display contents of the file:\n<pre>cat /etc/hosts.deny</pre>\nVerify that the output contains the following line:\n<pre>ALL: ALL</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"functionality": "This rule affects all access to services which honor the <tt>/etc/hosts.allow</tt> and <tt>/etc/hosts.deny</tt> files.\nConnections to services originating from hosts not explicitly mentioned in <tt>/etc/hosts.allow</tt> will be rejected.\nTo avoid locking down all network access to the system, this rule doesn't perform automated remediation.\nFor information about the manual remediation process, see the rule description."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], 
"inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure /etc/hosts.deny is configured", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/inetd_and_xinetd/configure_etc_hosts_deny/rule.yml", "template": null}