Check: GEN009210
AIX 5.3 STIG:
GEN009210
(in version v1 r3)
Title
The system must not have the discard service active. (Cat II impact)
Discussion
The discard service runs as root from the inetd server and can be used in Denial of Service attacks. The discard service is unnecessary and increases the attack surface of the system.
Check Content
Check the /etc/inetd.conf file for TCP and UDP discard service entries.

    # grep discard /etc/inetd.conf | grep -v \#

If the discard service is active, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out the discard service line for both TCP and UDP protocols. Restart the inetd service.

    # refresh -s inetd
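The check above can be scripted so that it reports which protocol still has an active entry and matches the service name as the first field rather than as a substring. This is an added example, not part of the STIG; the function names `active_discard_entries` and `check_gen009210` are hypothetical, and the sample inetd.conf content is constructed.

```shell
#!/bin/sh
# Added example (not STIG text). Audits an inetd.conf-style file for
# active discard entries, as described in the Check Content above.

# Print the protocol (field 3) of every active discard entry.
# $1: path to the file to audit (defaults to /etc/inetd.conf)
active_discard_entries() {
    awk '
        /^[ \t]*#/      { next }       # commented-out line: entry is disabled
        $1 == "discard" { print $3 }   # service name must be the first field
    ' "${1:-/etc/inetd.conf}"
}

# Return 0 when no active entry exists, 1 when the check is a finding.
check_gen009210() {
    found=$(active_discard_entries "$1")
    if [ -n "$found" ]; then
        # $found is left unquoted on purpose to join protocols on one line
        echo "FINDING: discard active for:" $found
        return 1
    fi
    echo "PASS: no active discard entries"
    return 0
}

# Constructed sample: TCP entry already commented out, UDP entry still active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## service  socket  protocol  wait/   user  server   server program
##  name     type             nowait        program    arguments
echo     stream  tcp  nowait  root  internal
#discard stream  tcp  nowait  root  internal
discard  dgram   udp  wait    root  internal
EOF
check_gen009210 "$sample" || true
rm -f "$sample"
```

After commenting out the remaining line and running `refresh -s inetd`, rerunning `check_gen009210` against /etc/inetd.conf should return 0.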
Additional Identifiers
Rule ID: SV-38709r1_rule
Vulnerability ID: V-29505
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |