Title

Inetd and xinetd must be disabled or removed if no network services utilizing them are enabled. (Cat II impact)

Discussion

Unnecessary services should be disabled to decrease the attack surface of the system.

Check Content

First determine if (x)inetd is running: # ps -ef | grep -v "grep" | egrep -i "inetd|xinetd" Then, determine the contents of the configuration file: # find / -type f -name xinetd.conf -o -name inetd.conf | xargs -n1 cat | \ tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" If inetd is running and no active services are found (i.e., the configuration file does not exist, is empty or is completely commented out), this is a finding. If inetd is not running and the configuration file does not exist, is empty or is completely commented out, this is not a finding. If inetd is running and active services are found via the ps command and are also in the inetd.conf file, this is not a finding.

Fix Text

Remove or disable the inetd startup scripts and kill the service.

Additional Identifiers

Rule ID: SV-35064r1_rule

Vulnerability ID: V-12005

Group Title: GEN003700

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.