UCF STIG Viewer Logo

The xinetd.d directory must not have an extended ACL.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22426 GEN003755 SV-26090r1_rule ECLP-1 Medium
Description
The Internet service daemon configuration files must be protected as malicious modification could cause Denial-of-Service or increase the attack surface of the system.
STIG Date
UNIX SRG 2013-03-26

Details

Check Text ( C-30072r1_chk )
Check xinetd configuration directories for extended ACLs.

Determine any xinetd configuration directories.
Procedure:
# grep includedir /etc/xinetd.conf

If xinetd.conf does not exist, or no includedir lines are returned, this is not applicable.

Check the xinetd configuration directories for extended ACLs.
Procedure:
# ls -lL

If any of these directories contain a "+" in the permissions field, the directory has an extended ACL and this is a finding.
Fix Text (F-26901r1_fix)
Remove the extended ACL from the xinetd configuration directories.