Non-wrapped services (UNIX)

Module: Startup Files

This check reports services that are not wrapped with an approved wrapper. Use the check's name list to specify approved wrappers that will not be reported by the check. Service wrappers provide access control and logging of inetd services. This check is ignored on any system that is not running inetd, including systems running xinetd, because xinetd provides access control and logging without the need for additional wrappers.On Solaris 10 this Check reports for Default Setting of tcp_wrappers and the setting for individual services which are Enabled or online.

The following table lists the error messages for the check.

Table: Error messages for Non-wrapped services

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_NON_WRAPPED_SERVICE Category: Policy Compliance	UNIX (5868)	Title: Non-wrapped service Description:ESM found an inetd service that is not wrapped by one of the wrappers listed for the Non-wrapped Services check. Service wrappers are used to restrict access to the wrapped service. Services that are not wrapped can be a security risk. You should use wrappers to control who has access to network services and to log the use of services.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_DEF_NON_WRAPPED_SERVICE Category: Policy Compliance	UNIX (5888)	Title: Default Settings for inetd Non-wrapped service Description:ESM found that in default settings for inetd services tcp_wrappers is not set to TRUE. Service wrappers are used to restrict access to the wrapped service. Services that are not wrapped can be a security risk. You should use wrappers to control who has access to network services and to log the use of services.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_NON_WRAPPED_SERVICE

Category: Policy Compliance

UNIX (5868)

Title: Non-wrapped service

Description:ESM found an inetd service that is not wrapped by one of the wrappers listed for the Non-wrapped Services check. Service wrappers are used to restrict access to the wrapped service. Services that are not wrapped can be a security risk. You should use wrappers to control who has access to network services and to log the use of services.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_DEF_NON_WRAPPED_SERVICE

Category: Policy Compliance

UNIX (5888)

Title: Default Settings for inetd Non-wrapped service

Description:ESM found that in default settings for inetd services tcp_wrappers is not set to TRUE. Service wrappers are used to restrict access to the wrapped service. Services that are not wrapped can be a security risk. You should use wrappers to control who has access to network services and to log the use of services.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]