Check: GEN003860
HP-UX 11.31 STIG:
GEN003860
(in versions v1 r19 through v1 r13)
Title
The system must not have the finger service active. (Cat III impact)
Discussion
The finger service provides information about the system's users to network clients. This could expose information that could be used in subsequent attacks.
Check Content
# cat /etc/inetd.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' |grep -v "^#" | \ cut -f 6,7 -d " " | grep -c -i fingerd If the fingerd service is not disabled, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out the fingerd line. Restart the inetd service via the following command: # inetd -c
Additional Identifiers
Rule ID: SV-35136r1_rule
Vulnerability ID: V-4701
Group Title: GEN003860
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Number | Title |
---|---|
AC-4 |
Information Flow Enforcement |