Title

The Internet Network News (INN) server must be disabled on AIX. (Cat II impact)

Discussion

Internet Network News (INN) servers access Usenet newsfeeds and store newsgroup articles. INN servers use the Network News Transfer Protocol (NNTP) to transfer information from the Usenet to the server and from the server to authorized remote hosts. If this function is necessary to support a valid mission requirement, its use must be authorized and approved in the system accreditation package.

Check Content

From the command prompt, run the following command: # ps -ef | egrep "innd|nntpd" If the above command produced any result, this is a finding. Check if "innd" or "nntpd" is started from "/etc/onetd.conf" using the following command: # egrep "innd|nntpd" /etc/inetd.conf | grep -v ^# If the above command produced any result, this is a finding. Check if "innd" or "nntpd" is added as a subsystem to the System Resource Controller (SRC): # lssrc -s innd # lssrc -s nntpd If the above commands found that "innd" or "nntpd" is defined in SRC, this is a finding.

Fix Text

To stop "innd" or "nntpd" from running, use the following commands: # stopsrc -s innd # stopsrc -s nntpd Some versions of "innd" and "nntpd" need the following commands to stop them: # kill -1 [innd_pid] # kill -1 [nntpd_pid] To remove "innd" and 'nntpd" from SRC, run the following commands: # rmssys -s innd # rmssys -s nntpd To stop running "innd" and "nntpd" from "/etc/inetd.conf", comment out the "innd" and "nntpd" lines in "/etc/inetd.conf", then refresh the "inetd": # refresh -s inetd

Additional Identifiers

Rule ID: SV-215392r508663_rule

Vulnerability ID: V-215392

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.