UCF STIG Viewer Logo

The inetd.conf and xinetd.conf files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22424 GEN003745 SV-26652r1_rule ECLP-1 Medium
Description
The Internet service daemon configuration files must be protected as malicious modification could cause Denial of Service or increase the attack surface of the system.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-39295r1_chk )
Check the permissions of the inetd configuration file.
# ls -lL /etc/inet/inetd.conf
If the permissions include a "+", the file has an extended ACL and this is a finding.
Fix Text (F-23893r1_fix)
Remove the extended ACL from the file.
# getfacl /etc/inetd.conf
Remove each ACE returned.
# setfacl -d [ACE] /etc/inetd.conf