Check: AIX7-00-003046
IBM AIX 7.x STIG:
AIX7-00-003046
(in versions v3 r1 through v1 r1)
Title
If NFS is not required on AIX, the NFS daemon must be disabled. (Cat II impact)
Discussion
The rcnfs entry starts the NFS daemons during system boot. NFS is a service with numerous historical vulnerabilities and should not be enabled unless there is no alternative. If NFS serving is required, then read-only exports are recommended and no filesystem or directory should be exported with root access. Unless otherwise required the NFS daemons (rcnfs) will be disabled.
Check Content
From the command prompt, execute the following command: # lsitab rcnfs If the command yields any output, this is a finding.
Fix Text
In "/etc/inittab", remove the "rcnfs" entry by running the following command: # rmitab rcnfs To request the init command to re-examine the "/etc/inittab" file, enter: # telinit q
Additional Identifiers
Rule ID: SV-215352r958478_rule
Vulnerability ID: V-215352
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |