Check: GEN009200
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN009200
(in versions v1 r14 through v1 r10)
Title
The system must not have the daytime service active. (Cat II impact)
Discussion
The daytime service runs as root from the inetd daemon and can provide an opportunity for Denial of Service PING or PING-PONG attacks. The daytime service is unnecessary, and it increases the attack surface of the system.
Check Content
Check the /etc/inetd.conf file for TCP and UDP daytime service.

    # grep daytime /etc/inetd.conf | grep -v \#

If the daytime service is enabled, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out daytime service lines for both TCP and UDP protocols. Restart the inetd service.

    # refresh -s inetd
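The check above, as an added example that is not part of the STIG text: the `grep -v \#` filter drops every line containing a `#` anywhere, so an enabled entry carrying an annotation is hidden from the result. The hypothetical `active_daytime` function below instead matches the service name field exactly and assumes a line is disabled only when `#` is its first non-blank character; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the STIG): list enabled daytime entries in an
# inetd.conf-style file. Prints "daytime/<protocol>" per enabled entry.
# Returns 0 = none enabled, 1 = finding, 2 = file unreadable.
active_daytime() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Field 1 is the service name, field 3 the protocol (tcp, udp, ...).
    # Assumption: a line is commented out only if its first non-blank
    # character is '#'.
    found=$(awk '
        /^[ \t]*#/      { next }
        $1 == "daytime" { print $1 "/" $3 }
    ' "$conf")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample, not taken from a real host: TCP is commented out,
# UDP is still enabled but carries a '#' annotation that would hide it
# from "grep daytime | grep -v \#".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#daytime stream tcp nowait root internal
daytime dgram udp wait root internal # left enabled by mistake
time stream tcp nowait root internal
EOF

if active_daytime "$sample"; then
    echo "not a finding: daytime is disabled"
else
    echo "finding: daytime service enabled (entries listed above)"
fi
rm -f "$sample"
```

On a live system, pass `/etc/inetd.conf` as the argument and run the function again after `refresh -s inetd` to confirm the fix.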
Additional Identifiers
Rule ID: SV-38708r1_rule
Vulnerability ID: V-29504
Group Title: GEN009200
CCIs
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |