Check: GEN009270
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN009270
(in versions v1 r14 through v1 r10)
Title
The system must not have the netstat service active on the inetd process. (Cat II impact)
Discussion
The netstat service, if it is running, can give out network information on active connections. That information can aid an attacker and weaken the system's defensive posture.
Check Content
Check /etc/inetd.conf for an active netstat service.
grep netstat /etc/inetd.conf | grep -v \#
If the netstat service is active, this is a finding.
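The grep pipeline above discards every line that contains a # anywhere, so an active netstat entry that carries a trailing # remark is not reported. The following is an added example, not part of the STIG: it matches on the service-name field instead, assumes that only lines whose first non-blank character is # are comments, and uses constructed sample lines.

```shell
#!/bin/sh
# Added example: list inetd.conf entries for a service that are not commented out.
# Assumption: a line is a comment only if its first non-blank character is '#'.

# active_inetd_entries FILE SERVICE
# Prints each active entry for SERVICE as FILE:LINE: text.
# Exit status 0 means at least one active entry (a finding), 1 means none.
active_inetd_entries() {
    awk -v svc="$2" '
        /^[ \t]*#/ { next }    # entry is commented out
        /^[ \t]*$/ { next }    # blank line
        $1 == svc  { print FILENAME ":" FNR ": " $0; found = 1 }
        END        { exit(found ? 0 : 1) }
    ' "$1"
}

# The check as written on the page, for comparison.
# It drops any line containing "#", including active lines with a trailing remark.
page_check() {
    grep netstat "$1" | grep -v '#'
}

# Constructed sample configuration (not taken from a real host):
# line 3 is disabled, line 4 is active but ends in a "#" remark.
write_sample_conf() {
    cat > "$1" <<'EOF'
## service socket protocol wait user server args
ftp     stream tcp6 nowait root   /usr/sbin/ftpd   ftpd
#netstat stream tcp nowait nobody /usr/bin/netstat netstat -f inet
netstat stream tcp nowait nobody /usr/bin/netstat netstat -f inet # temp, ticket pending
EOF
}

# On a host: active_inetd_entries /etc/inetd.conf netstat && echo "GEN009270: finding"
```

On the sample file, page_check prints nothing while active_inetd_entries reports line 4.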
Fix Text
Edit /etc/inetd.conf and comment out the netstat service line. Restart the inetd service.
# refresh -s inetd
Additional Identifiers
Rule ID: SV-38715r1_rule
Vulnerability ID: V-29511
Group Title: GEN009270
CCIs
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |