An error occurred:

Check: AIX7-00-003062

IBM AIX 7.x STIG: AIX7-00-003062 (in versions v2 r9 through v2 r4)

Title

The ndpd-host daemon must be disabled on AIX. (Cat II impact)

Discussion

This is the Neighbor Discovery Protocol (NDP) daemon, required in IPv6. The ndpd-host is the NDP daemon for the server. Unless the server utilizes IPv6, this is not required and should be disabled to prevent attacks.

Check Content

If the system is using IPv6, this is Not Applicable. From the command prompt, execute the following command: # grep "^start[[:blank:]]/usr/sbin/ndpd-host" /etc/rc.tcpip If there is any output from the command, this is a finding.

Fix Text

In "/etc/rc.tcpip", comment out the "ndpd-host" entry by running command: # chrctcp -d ndpd-host

Additional Identifiers

Rule ID: SV-215367r808440_rule

Vulnerability ID: V-215367

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000381

The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7

Least Functionality