Check: AIX7-00-003077
IBM AIX 7.x STIG:
AIX7-00-003077
(in versions v3 r1 through v1 r1)
Title
The sprayd daemon must be disabled on AIX. (Cat II impact)
Discussion
The sprayd service is used as a tool to generate UDP packets for testing and diagnosing network problems. The service must be disabled if NFS is not in use, as it can be used by attackers in a Distributed Denial of Service (DDoS) attack.
Check Content
From the command prompt, execute the following command: # grep "^sprayd[[:blank:]]" /etc/inetd.conf If there is any output from the command, this is a finding.
Fix Text
In "/etc/inetd.conf", comment out the "sprayd" entry by running command: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'sprayd' -p 'udp' Restart inetd: # refresh -s inetd
Additional Identifiers
Rule ID: SV-215382r958478_rule
Vulnerability ID: V-215382
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |