Title

If NFS is not required on AIX, the NFS daemon must be disabled. (Cat II impact)

Discussion

The rcnfs entry starts the NFS daemons during system boot. NFS is a service with numerous historical vulnerabilities and should not be enabled unless there is no alternative. If NFS serving is required, then read-only exports are recommended and no filesystem or directory should be exported with root access. Unless otherwise required the NFS daemons (rcnfs) will be disabled.

Check Content

From the command prompt, execute the following command: # lsitab rcnfs If the command yields any output, this is a finding.

Fix Text

In "/etc/inittab", remove the "rcnfs" entry by running the following command: # rmitab rcnfs To request the init command to re-examine the "/etc/inittab" file, enter: # telinit q

Additional Identifiers

Rule ID: SV-215352r508663_rule

Vulnerability ID: V-215352

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.