Table of Contents

3.4.1 Ensure TCP Wrappers is installed (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation 

Description

TCP Wrappers provides a simple access list and standardized logging method for services capable of supporting it. In the past, services that were called from inetd and xinetd supported the use of tcp wrappers. As inetd and xinetd have been falling in disuse, any service that can support tcp wrappers will have the libwrap.so library attached to it.

Rationale

TCP Wrappers provide a good simple access list mechanism to services that may not have that support built in. It is recommended that all services that can support TCP Wrappers, use it.

Audit

Run the following command and verify tcp_wrappers is installed:

# rpm -q tcp_wrappers 
tcp_wrappers-<version>

Run the following command and verify libwrap.so is installed:

# rpm -q tcp_wrappers-libs 
tcp_wrappers-libs-<version>

Remediation

Run the following command to install tcp_wrappers:

# yum install tcp_wrappers

Notes

To verify if a service supports TCP Wrappers, run the following command:

# ldd <path-to-daemon> | grep libwrap.so

If there is any output, then the service supports TCP Wrappers.