UCF STIG Viewer Logo

The xinetd.d directory must not have an extended ACL.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22426 GEN003755 SV-29790r1_rule ECLP-1 Medium
Description
The Internet service daemon configuration files must be protected as malicious modification could cause denial of service or increase the attack surface of the system.
STIG Date
HP-UX 11.23 Security Technical Implementation Guide 2015-12-02

Details

Check Text ( C-36528r1_chk )
Check xinetd configuration directories for extended ACLs.

Determine any xinetd configuration directories.
# find / -type f -name xinetd.conf | xargs -n1 ls -lL
# cat /xinetd.conf | grep -v "^#" | grep includedir

If xinetd.conf does not exist, or no includedir lines are returned,
this is not applicable.

Check the xinetd configuration directories for extended ACLs.
# ls -lLd

If any of these directories contain a "+" in the permissions field,
the directory has an extended ACL and this is a finding.
Fix Text (F-26901r1_fix)
Remove the extended ACL from the xinetd configuration directories.