Check: AIX7-00-003049
IBM AIX 7.x STIG:
AIX7-00-003049
(in versions v3 r1 through v1 r1)
Title
The AIX DHCP client must be disabled. (Cat II impact)
Discussion
The dhcpcd daemon receives address and configuration information from the DHCP server. DHCP relies on trusting the local network. If the local network is not trusted, then it should not be used. To prevent remote attacks this daemon should not be enabled unless there is no alternative. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
Check Content
If the DHCP client is needed by the system and is documented, this is Not Applicable. Determine if the DHCP client is running: # ps -ef |grep dhcpcd If "dhcpcd" is running, this is a finding. Verify that DHCP is disabled on startup: # grep "^start[[:blank:]]/usr/sbin/dhcpcd" /etc/rc.tcpip If there is any output from the command, this is a finding.
Fix Text
Disable the system's DHCP client. In "/etc/rc.tcpip", comment out the "dhcpcd" entry by running command: # chrctcp -d dhcpcd Reboot the system to ensure the DHCP client has been disabled fully. Configure a static IP for the system, if network connectivity is required.
Additional Identifiers
Rule ID: SV-215355r958478_rule
Vulnerability ID: V-215355
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |