Check: GEN009260
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN009260
(in versions v1 r14 through v1 r10)
Title
The system must not have the talk or ntalk services active. (Cat II impact)
Discussion
The talk and ntalk commands allow users on the same or different systems to converse. The talk daemons are started from the inetd process and run as root. These unnecessary processes increase the attack surface of the system and may cause Denial of Service by scrambling the users' display.
Check Content
Check the /etc/inetd.conf file for talk and ntalk services.
# grep talk /etc/inetd.conf | grep -v \#
If any TCP or UDP talk or ntalk services are enabled, this is a finding.
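The check above as a script, added here as an example and not part of the STIG text: it matches the service name exactly in the first field and treats a line as disabled only when its first non-blank character is `#`. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample file is constructed.

# Write a constructed inetd.conf sample (not from a real host) to path $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
ftp     stream  tcp6  nowait  root  /usr/sbin/ftpd   ftpd
#talk   dgram   udp   wait    root  /usr/sbin/talkd  talkd
  # ntalk dgram udp   wait    root  /usr/sbin/talkd  talkd
ntalk   dgram   udp   wait    root  /usr/sbin/talkd  talkd  # legacy
EOF
}

# Print "service protocol" for each active talk/ntalk entry in file $1.
# A line is treated as commented out only if its first non-blank char is '#'.
active_talk_entries() {
    awk '
        /^[ \t]*#/ { next }                                # commented-out line
        $1 == "talk" || $1 == "ntalk" { print $1, $3 }     # $3 is the protocol
    ' "$1"
}

# Return 0 = not a finding, 1 = finding, 2 = file unreadable.
check_gen009260() {
    conf=${1:-/etc/inetd.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    found=$(active_talk_entries "$conf")
    if [ -n "$found" ]; then
        echo "FINDING: active talk/ntalk entries in $conf:"
        echo "$found"
        return 1
    fi
    echo "NOT A FINDING: no active talk/ntalk entries in $conf"
}

# Demo on the constructed sample. Its last line is active but contains a '#',
# so the page's `grep talk | grep -v \#` pipeline would print nothing for it.
sample="${TMPDIR:-/tmp}/inetd.conf.sample.$$"
write_sample_conf "$sample"
check_gen009260 "$sample" || true
rm -f "$sample"
```

Called with no argument, `check_gen009260` reads /etc/inetd.conf.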
Fix Text
Edit /etc/inetd.conf and comment out TCP and UDP for the talk service.
Edit /etc/inetd.conf and comment out TCP and UDP for the ntalk service.
Restart the inetd service.
# refresh -s inetd
Additional Identifiers
Rule ID: SV-38714r1_rule
Vulnerability ID: V-29510
Group Title: GEN009260
CCIs
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |