3.4.4 Ensure permissions on /etc/hosts.allow are configured (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
The /etc/hosts.allow
file contains networking information that is used by many applications and therefore must be readable for these applications to operate.
Rationale
It is critical to ensure that the /etc/hosts.allow
file is protected from unauthorized write access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.
Audit
Run the following command and verify Uid and Gid are both 0/root and Access is 644:
# stat /etc/hosts.allow Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Remediation
Run the following commands to set permissions on /etc/hosts.allow
:
# chown root:root /etc/hosts.allow # chmod 644 /etc/hosts.allow