Check: AIX7-00-003084
IBM AIX 7.x STIG:
AIX7-00-003084
(in versions v3 r1 through v1 r1)
Title
The finger daemon must be disabled on AIX. (Cat II impact)
Discussion
The fingerd daemon provides the server function for the finger command. This allows users to view real-time pertinent user login information on other remote systems. This service should be disabled as it may provide an attacker with a valid user list to target.
Check Content
From the command prompt, execute the following command: # grep "^finger[[:blank:]]" /etc/inetd.conf If there is any output from the command, this is a finding.
Fix Text
In "/etc/inetd.conf", comment out the "finger" entry by running command: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'finger' -p 'tcp' Restart inetd: # refresh -s inetd
Additional Identifiers
Rule ID: SV-215389r958478_rule
Vulnerability ID: V-215389
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |