Navigate

Check: AIX7-00-003077

IBM AIX 7.x STIG: AIX7-00-003077 (in versions v2 r9 through v1 r1)

Title

The sprayd daemon must be disabled on AIX. (Cat II impact)

Discussion

The sprayd service is used as a tool to generate UDP packets for testing and diagnosing network problems. The service must be disabled if NFS is not in use, as it can be used by attackers in a Distributed Denial of Service (DDoS) attack.

Check Content

From the command prompt, execute the following command: # grep "^sprayd[[:blank:]]" /etc/inetd.conf If there is any output from the command, this is a finding.

Fix Text

In "/etc/inetd.conf", comment out the "sprayd" entry by running command: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'sprayd' -p 'udp' Restart inetd: # refresh -s inetd

Additional Identifiers

Rule ID: SV-215382r508663_rule

Vulnerability ID: V-215382

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality