Check: GEN009220
AIX 5.3 STIG:
GEN009220
(in version v1 r3)
Title
The system must not have the dtspc service active. (Cat II impact)
Discussion
This service is started automatically by the inetd daemon with root permission in response to a CDE client requesting a process to be started on the daemon’s host system. Running the dtscp service is unnecessary and it increases the attack vector of the system.
Check Content
Check the /etc/inetd.conf for the dtspc service. #grep dtspcd /etc/inetd.conf | grep -v \# If the dtspc service is enabled, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out dtspc service line. Restart the inetd service. # refresh -s inetd
Additional Identifiers
Rule ID: SV-38710r1_rule
Vulnerability ID: V-29506
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001436 |
The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |