Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-29505 | GEN009210 | SV-38709r1_rule | ECSC-1 | Medium |
Description |
---|
The discard service runs as root from the inetd server and can be used in Denial of Service attacks. The discard service is unnecessary and it increases the attack vector of the system. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-37805r1_chk ) |
---|
Check the /etc/inetd.conf file for TCP and UDP discard service entries. #grep discard /etc/inetd.conf | grep -v \# If the discard service is active, this is a finding. |
Fix Text (F-33063r1_fix) |
---|
Edit /etc/inetd.conf and comment out the discard service line for both TCP and UDP protocols. Restart the inetd service. #refresh -s inetd |