Navigate

Check: AIX7-00-003063

IBM AIX 7.x STIG: AIX7-00-003063 (in versions v2 r9 through v1 r1)

Title

The ndpd-router must be disabled on AIX. (Cat II impact)

Discussion

This manages the Neighbor Discovery Protocol (NDP) for non-kernel activities, required in IPv6. The ndpd-router manages NDP for non-kernel activities. Unless the server utilizes IPv6, this is not required and should be disabled to prevent attacks.

Check Content

From the command prompt, execute the following command: # grep "^start[[:blank:]]/usr/sbin/ndpd-router" /etc/rc.tcpip If there is any output from the command, this is a finding.

Fix Text

In "/etc/rc.tcpip", comment out the "ndpd-router" entry by running command: # chrctcp -d ndpd-router

Additional Identifiers

Rule ID: SV-215368r508663_rule

Vulnerability ID: V-215368

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality