Unix: Inetd Service

Description

The Unix: Inetd Service test is used to check information associated with different Internet services. The textfilecontent54_test elements are used to check the contents of the inetd configuration file and files within the /etc/xinetd.d directory, by looking at individual blocks of text within the files.

The inetd_object element is used by an xinetd_test to define the specific protocol-service to be evaluated. An inetd object consists of a protocol entity and a service_name entity that identifies the specific service to be tested.

The textfilecontent54_object elements are used by a textfilecontent54_test to define the specific block(s) of text, in one or more files, to be evaluated. The textfilecontent54_object will only collect regular files on UNIX systems.

The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.

The inetd_state element defines the different information associated with a specific Internet service.
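The evaluation described above, sketched in Python as an added example (it is not CIS or OVAL code): it reads inetd.conf-style lines and xinetd-style service blocks and reports whether a given service/protocol pair is enabled. The function names and sample files are constructed for illustration, and inferring a missing protocol from socket_type is a simplifying assumption.

```python
import re

# Constructed sample configuration, not taken from a real host.
INETD_CONF = """\
# name  socket  proto  wait    user  server
ftp     stream  tcp    nowait  root  /usr/sbin/in.ftpd  in.ftpd
#telnet stream  tcp    nowait  root  /usr/sbin/in.telnetd  in.telnetd
"""
XINETD_D = {
    "echo": "service echo\n{\n    disable = yes\n    socket_type = dgram\n    protocol = udp\n}\n",
    "tftp": "service tftp\n{\n    socket_type = dgram\n    protocol = udp\n    disable = no\n}\n",
}

BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^\s*(\w+)\s*[-+]?=\s*(.*?)\s*$", re.M)

def inetd_entries(text):
    """Yield (service, protocol) for each uncommented inetd.conf entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 6:
            yield fields[0], fields[2]

def xinetd_entries(text):
    """Yield (service, protocol, disabled) for each xinetd service block."""
    for name, body in BLOCK.findall(text):
        attrs = dict(ATTR.findall(body))
        # Assumption: with no explicit protocol, infer it from socket_type.
        inferred = {"stream": "tcp", "dgram": "udp"}.get(attrs.get("socket_type"), "")
        yield name, attrs.get("protocol") or inferred, attrs.get("disable", "no").lower() == "yes"

def service_enabled(service, protocol, inetd_text="", xinetd_texts=()):
    """True if service/protocol is active in inetd.conf or any xinetd file."""
    # The protocol is a regex, mirroring the "pattern match" operation in the OVAL object.
    hits = [True for s, p in inetd_entries(inetd_text)
            if s == service and re.search(protocol, p)]
    for text in xinetd_texts:
        hits += [not off for s, p, off in xinetd_entries(text)
                 if s == service and re.search(protocol, p)]
    return any(hits)
```

A commented-out inetd.conf line and an xinetd block with `disable = yes` both count as not enabled; xinetd `defaults` sections are not interpreted here.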

Technical Details

Artifact Parameters

unix.inetd_service_v1

| Name | Type | Description |
|------|------|-------------|
| service | string | The name of the service to be tested. Cannot be blank. |
| protocol | string | The protocol the service is running on (tcp/udp). |

Supported Test Types

  • Unix: Service Enabled

Test Type Parameters

unix.service_enabled_v1

| Name | Type | Description |
|------|------|-------------|
| enabled | string | Is the service enabled? (Yes/No) |

Generated Content

unix.service_enabled_v1

XCCDF+AE

This is what the AE check looks like, inside a Rule, in the XCCDF.

<xccdf:complex-check operator="AND">
  <xccdf:check system="https://benchmarks.cisecurity.org/ae/0.5">
    <xccdf:check-content>
      <ae:artifact_expression id="xccdf_org.cisecurity.benchmarks_ae_[SECTION-NUMBER]">
        <ae:artifact_oval_id>[ARTIFACT-OVAL-ID]</ae:artifact_oval_id>
        <ae:title>[ARTIFACT-TITLE]</ae:title>
        <ae:artifact type="[ARTIFACT-TYPE-NAME]">
          <ae:parameters>
            <ae:parameter dt="string" name="service">[service.value]</ae:parameter>
            <ae:parameter dt="string" name="protocol">[protocol.value]</ae:parameter>
          </ae:parameters>
        </ae:artifact>
        <ae:test type="[TEST-TYPE-NAME]">
          <ae:parameters>
            <ae:parameter dt="string" name="enabled">[enabled.value]</ae:parameter>
          </ae:parameters>
        </ae:test>
        <ae:profiles>
          <ae:profile idref="xccdf_org.cisecurity.benchmarks_profile_Level_1" />
        </ae:profiles>
      </ae:artifact_expression>
    </xccdf:check-content>
  </xccdf:check>
</xccdf:complex-check>

SCAP

XCCDF

For unix.inetd_service_v1 unix.service_enabled_v1 artifacts, the XCCDF check looks like this. There is no Value element in the XCCDF for this artifact.

<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <check-content-ref
    href="[BENCHMARK-TITLE]-oval.xml"
    name="oval:org.cisecurity.benchmarks.[PLATFORM]:def:[ARTIFACT-OVAL-ID]" />
</check>

OVAL

Test

<xinetd_test
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
  id="oval:org.cisecurity.benchmarks.[PLATFORM]:tst:[ARTIFACT-OVAL-ID]1"
  check_existence="[check_existence.value]"
  check="all"
  comment="[ARTIFACT-TITLE]"
  version="1">
  <object object_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]1" />
  <state state_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:ste:[ARTIFACT-OVAL-ID]1" />
</xinetd_test>

<textfilecontent54_test
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
  id="oval:org.cisecurity.benchmarks.[PLATFORM]:tst:[ARTIFACT-OVAL-ID]2"
  check_existence="[check_existence.value]"
  check="all"
  comment="[ARTIFACT-TITLE]"
  version="1">
  <object object_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]2" />
</textfilecontent54_test>

<textfilecontent54_test
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
  id="oval:org.cisecurity.benchmarks.[PLATFORM]:tst:[ARTIFACT-OVAL-ID]3"
  check_existence="[check_existence.value]"
  check="all"
  comment="[ARTIFACT-TITLE]"
  version="1">
  <object object_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]3" />
</textfilecontent54_test>

Object

<xinetd_object
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
  id="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]1"
  comment="[ARTIFACT-TITLE]"
  version="1">
  <protocol operation="pattern match">
    [protocol.value]
  </protocol>
  <service_name>[service_name.value]</service_name>
</xinetd_object>

<textfilecontent54_object
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
  id="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]2"
  comment="[ARTIFACT-TITLE]"
  version="1">
  <filepath>/etc/inetd.conf</filepath>
  <pattern
    operation="pattern match"
    datatype="string">
      [pattern.value]
  </pattern>
  <instance
    datatype="int"
    operation="equals">
      1
  </instance>
</textfilecontent54_object>

<textfilecontent54_object
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
  id="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]3"
  comment="[ARTIFACT-TITLE]"
  version="1">
  <path>/etc/inetd.d</path>
  <filename operation="pattern match">
    .+
  </filename>
  <pattern
    operation="pattern match"
    datatype="string">
      [pattern.value]
  </pattern>
  <instance
    datatype="int"
    operation="equals">
      1
  </instance>
</textfilecontent54_object>

State

<xinetd_state
  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
  id="oval:org.cisecurity.benchmarks.[PLATFORM]:ste:[ARTIFACT-OVAL-ID]1"
  comment="[ARTIFACT-TITLE]"
  version="1">
  <disabled
    datatype="boolean"
    operation="equals">
      [disabled.value]
  </disabled>
</xinetd_state>

YAML

artifact-expression:
  artifact-unique-id: "[ARTIFACT-OVAL-ID]"
  artifact-title: "[ARTIFACT-TITLE]"
  artifact:
    type: "[ARTIFACT-TYPE-NAME]"
    parameters:
      - parameter:
          name: "service"
          dt: "string"
          value: "[service.value]"
      - parameter:
          name: "protocol"
          dt: "string"
          value: "[protocol.value]"
  test:
    type: "[TEST-TYPE-NAME]"
    parameters:
      - parameter:
          name: "enabled"
          dt: "string"
          value: "[enabled.value]"

JSON

{
  "artifact-expression": {
    "artifact-unique-id": "[ARTIFACT-OVAL-ID]",
    "artifact-title": "[ARTIFACT-TITLE]",
    "artifact": {
      "type": "[ARTIFACT-TYPE-NAME]",
      "parameters": [
        {
          "parameter": {
            "name": "service",
            "type": "string",
            "value": "[service.value]"
          }
        },
        {
          "parameter": {
            "name": "protocol",
            "type": "string",
            "value": "[protocol.value]"
          }
        }
      ]
    },
    "test": {
      "type": "[TEST-TYPE-NAME]",
      "parameters": [
        {
          "parameter": {
            "name": "enabled",
            "type": "string",
            "value": "[enabled.value]"
          }
        }
      ]
    }
  }
}