The system must use an access control program.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-940	GEN006580	SV-35198r1_rule	EBRU-1	Medium

Description
Access control programs (such as TCP_WRAPPERS) provide the ability to enhance system security posture.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2018-03-01

Details

Check Text ( C-35044r1_chk )
Locate the inetd.conf file (normally located within the /etc directory). # find /etc -type f -name inetd.conf Determine if TCP_WRAPPERS is used. The following example demonstrates one possible single inetd.conf line first without and then with the service tcp wrapped. telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd telnet stream tcp6 nowait root /usr/sbin/tcpd telnetd # cat /inetd.conf \| tr '\011' ' ' \| tr -s ' ' \| sed -e 's/^[ \t]*//' \|grep -v "^#" \| grep tcpd If there are unwrapped active services listed, this is a finding.

Check Text ( C-35044r1_chk )

Locate the inetd.conf file (normally located within the /etc directory).
# find /etc -type f -name inetd.conf

Determine if TCP_WRAPPERS is used. The following example demonstrates one possible single inetd.conf line first without and then with the service tcp wrapped.
telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd
telnet stream tcp6 nowait root /usr/sbin/tcpd telnetd

# cat /inetd.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' |grep -v "^#" | grep tcpd

If there are unwrapped active services listed, this is a finding.

Fix Text (F-30334r1_fix)
Edit /etc/inetd.conf and use tcpd to wrap active services.