The xinetd.d directory must have mode 0755 or less permissive.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22425	GEN003750	SV-35074r1_rule	ECLP-1	Medium

Description
The Internet service daemon configuration files must be protected as malicious modification could cause Denial of Service or increase the attack surface of the system.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2016-12-20

Details

Check Text ( C-36527r1_chk )
Check the (x)inetd.conf file for any included directories. # find / -type f -name xinetd.conf \| xargs -n1 ls -lL # cat /xinetd.conf \| grep -v "^#" \| grep includedir If (x)inetd.conf does not exist, or there is no includedir stanza, this is not a finding. Individually check the mode of any directories in the configuration file. # ls -lLd If any of the included directories has a mode more permissive than 0755, this is a finding.

Check Text ( C-36527r1_chk )

Check the (x)inetd.conf file for any included directories.

# find / -type f -name xinetd.conf | xargs -n1 ls -lL
# cat /xinetd.conf | grep -v "^#" | grep includedir

If (x)inetd.conf does not exist, or there is no includedir stanza, this is not a finding.

Individually check the mode of any directories in the configuration file.
# ls -lLd

If any of the included directories has a mode more permissive than 0755, this is a finding.

Fix Text (F-31888r1_fix)
Change the mode of included xinetd configuration directories to 0755. # chmod 0755