{"description": "\nTo properly set the group owner of <code>/etc/hosts.allow</code>, run the command:\n\n  <pre>$ sudo chgrp root /etc/hosts.allow</pre>\n  ", "rationale": "The <tt>/etc/hosts.allow</tt> file is used to control access of clients to daemons in the\nserver. Insecure groupownership of this file could allow users to grant clients unrestricted\naccess or no access at all to services in the server.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "/etc/hosts.allow does not have a group owner of\nroot\n", "ocil": "To check the group ownership of <code>/etc/hosts.allow</code>,\nrun the command:\n<pre>$ ls -lL /etc/hosts.allow</pre>\nIf properly configured, the output should indicate the following group-owner:\n\n  <code>root</code>\n  ", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Group Ownership of /etc/hosts.allow", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_allow/rule.yml", "template": {"name": "file_groupowner", "vars": {"filepath": "/etc/hosts.allow", "gid_or_name": "0"}, "backends": {}}}