Navigate

Check: AIX7-00-003062

IBM AIX 7.x STIG: AIX7-00-003062 (in versions v3 r1 through v2 r4)

Title

The ndpd-host daemon must be disabled on AIX. (Cat II impact)

Discussion

This is the Neighbor Discovery Protocol (NDP) daemon, required in IPv6. The ndpd-host is the NDP daemon for the server. Unless the server utilizes IPv6, this is not required and should be disabled to prevent attacks.

Check Content

If the system is using IPv6, this is Not Applicable. From the command prompt, execute the following command: # grep "^start[[:blank:]]/usr/sbin/ndpd-host" /etc/rc.tcpip If there is any output from the command, this is a finding.

Fix Text

In "/etc/rc.tcpip", comment out the "ndpd-host" entry by running command: # chrctcp -d ndpd-host

Additional Identifiers

Rule ID: SV-215367r958478_rule

Vulnerability ID: V-215367

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	Configure the system to provide only organization-defined mission essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality