The xinetd.d directory must not have an extended ACL.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22426	GEN003755	SV-29790r1_rule	ECLP-1	Medium

Description
The Internet service daemon configuration files must be protected as malicious modification could cause denial of service or increase the attack surface of the system.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2017-12-08

Details

Check Text ( C-36528r1_chk )
Check xinetd configuration directories for extended ACLs. Determine any xinetd configuration directories. # find / -type f -name xinetd.conf \| xargs -n1 ls -lL # cat /xinetd.conf \| grep -v "^#" \| grep includedir If xinetd.conf does not exist, or no includedir lines are returned, this is not applicable. Check the xinetd configuration directories for extended ACLs. # ls -lLd If any of these directories contain a "+" in the permissions field, the directory has an extended ACL and this is a finding.

Check Text ( C-36528r1_chk )

Check xinetd configuration directories for extended ACLs.

Determine any xinetd configuration directories.
# find / -type f -name xinetd.conf | xargs -n1 ls -lL
# cat /xinetd.conf | grep -v "^#" | grep includedir

If xinetd.conf does not exist, or no includedir lines are returned,
this is not applicable.

Check the xinetd configuration directories for extended ACLs.
# ls -lLd

If any of these directories contain a "+" in the permissions field,
the directory has an extended ACL and this is a finding.

Fix Text (F-26901r1_fix)
Remove the extended ACL from the xinetd configuration directories.