2025-08-22 10:22:38 +05:30
id : tcpwrapper-access
info :
name : TCP Wrapper Access Control Check
author : songyaeji
severity : low
description : |
Checked if IP and port restrictions were properly applied using TCP Wrapper (/etc/hosts.allow and /etc/hosts.deny). Reported systems as vulnerable if unrestricted remote access (e.g. Telnet, RSH, SSH) was possible.
reference :
- https://isms.kisa.or.kr
tags : linux,audit,kisa,compliance
self-contained : true
code :
- engine :
2025-08-25 17:30:06 +09:00
- sh
2025-08-22 10:22:38 +05:30
- bash
source : |
echo "[*] Checking /etc/hosts.deny (default deny policy)"
if grep -Eq "^[[:space:]]*ALL:[[:space:]]*ALL" /etc/hosts.deny; then
2025-08-23 12:21:00 +05:30
echo "[SAFE] /etc/hosts.deny has ALL:ALL policy"
2025-08-22 10:22:38 +05:30
else
2025-08-23 12:21:00 +05:30
echo "[VULNERABLE] /etc/hosts.deny is missing ALL:ALL (default deny)"
2025-08-22 10:22:38 +05:30
fi
2025-08-23 12:21:00 +05:30
- engine :
- sh
- bash
source : |
2025-08-22 10:22:38 +05:30
echo "[*] Checking sshd allow policy in /etc/hosts.allow"
if grep -Eq "^[[:space:]]*sshd" /etc/hosts.allow; then
if grep -Eq "^[[:space:]]*sshd:[[:space:]]*ALL" /etc/hosts.allow; then
2025-08-23 12:21:00 +05:30
echo "[VULNERABLE] sshd allows ALL hosts (too permissive)"
2025-08-22 10:22:38 +05:30
else
2025-08-23 12:21:00 +05:30
echo "[SAFE] sshd-specific allow policy found with restrictions"
2025-08-22 10:22:38 +05:30
fi
else
2025-08-23 12:21:00 +05:30
echo "[VULNERABLE] No sshd-specific allow policy found"
2025-08-22 10:22:38 +05:30
fi
matchers :
- type : word
2025-08-23 12:21:00 +05:30
name : hosts.deny
part : code_1_response
words :
- "[VULNERABLE]"
- type : word
name : sshd
part : code_2_response
2025-08-22 10:22:38 +05:30
words :
2025-08-23 12:21:00 +05:30
- "[VULNERABLE]"
2025-08-25 08:40:26 +00:00
# digest: 4a0a00473045022100c663b11dcba756052ce372e23c9324af2fbdb20527f73341a851dd9b667b377e022067bd2c2a5904c4990a33e9463a775a08b72331ca895adc9e163fe9dd32e27e7d:922c64590222798bb761d5b6d8e72950
