Title

The discard daemon must be disabled on AIX. (Cat II impact)

Discussion

The discard service is used as a debugging and measurement tool. It sets up a listening socket and ignores data that it receives. This is a /dev/null service and is obsolete. This can be used in DoS attacks and therefore, must be disabled to prevent attacks.

Check Content

From the command prompt, execute the following command: # grep "^discard[[:blank:]]" /etc/inetd.conf If there is any output from the command, this is a finding.

Fix Text

In "/etc/inetd.conf", comment out the "discard" entries by running commands: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'discard' -p 'tcp' # chsubserver -r inetd -C /etc/inetd.conf -d -v 'discard' -p 'udp' Restart inetd: # refresh -s inetd

Additional Identifiers

Rule ID: SV-215377r508663_rule

Vulnerability ID: V-215377

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.