
The system's access control program must be configured to grant or deny system access to specific hosts.


Finding ID: V-12030
Version: GEN006620
Rule ID: SV-35222r1_rule
IA Controls: ECCD-1, ECCD-2, ECSC-1
Severity: Medium
If the system's access control program is not configured with appropriate rules for allowing and denying access to system network resources, services may be accessible to unauthorized hosts.
HP-UX 11.23 Security Technical Implementation Guide 2013-03-28


Check Text (C-36733r1_chk)
Check for the existence of the /etc/hosts.allow and /etc/hosts.deny files (normally located within the /etc directory).
# find /etc -type f \( -name hosts.allow -o -name hosts.deny \) | xargs -n1 ls -lL

If either file does not exist, this is a finding.

Check for the presence of a deny by default entry.
# cat /etc/hosts.deny | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | egrep "ALL: ALL"

If the ALL: ALL entry is not present in the hosts.deny file, any TCP service from a host or network not matching other rules will be allowed access. If the entry is not in hosts.deny, this is a finding.
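
Both checks above combined into one function, added here as an example and not part of the STIG text. The names check_wrappers and demo are hypothetical, the sample files are constructed, and the match goes beyond the page's grep: it tolerates any whitespace around the colon and rejects entries with extra tokens such as an EXCEPT clause. The demo scaffolding assumes a mktemp that accepts -d, as on Linux.

```shell
#!/bin/sh
# check_wrappers DIR: returns 0 when DIR passes both checks, 1 on a finding.
# DIR defaults to /etc; a different DIR lets the logic be tested offline.
check_wrappers() {
    dir=${1:-/etc}
    # Both files must exist as regular files (symlinks followed, like ls -lL).
    for f in hosts.allow hosts.deny; do
        if [ ! -f "$dir/$f" ]; then
            echo "FINDING: $dir/$f does not exist"
            return 1
        fi
    done
    # Drop comment lines, then require a line whose daemon list and client
    # list are both exactly ALL. An optional trailing ":option" is accepted.
    # Assumption: "ALL: ALL EXCEPT ..." is not treated as deny by default.
    if grep -v '^[[:space:]]*#' "$dir/hosts.deny" |
        grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*(:.*)?$'
    then
        echo "OK: deny-by-default entry present in $dir/hosts.deny"
        return 0
    fi
    echo "FINDING: no ALL: ALL entry in $dir/hosts.deny"
    return 1
}

# Constructed sample files (not taken from a real host).
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/good" "$tmp/commented" "$tmp/missing"
    printf 'sshd: 192.0.2.\n' > "$tmp/good/hosts.allow"
    printf '# default deny\nALL:\tALL\n' > "$tmp/good/hosts.deny"
    printf 'sshd: 192.0.2.\n' > "$tmp/commented/hosts.allow"
    printf '#ALL: ALL\n' > "$tmp/commented/hosts.deny"
    printf 'ALL: ALL\n' > "$tmp/missing/hosts.deny"   # no hosts.allow here
    for d in good commented missing; do
        check_wrappers "$tmp/$d" || true
    done
    rm -rf "$tmp"
}
demo
```

The commented-out entry and the missing hosts.allow both report a finding; only the first sample directory passes.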
Fix Text (F-32114r1_fix)
Edit the /hosts.allow and