UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must not have the discard service active.


Overview

Finding ID Version Rule ID IA Controls Severity
V-29505 GEN009210 SV-38709r1_rule ECSC-1 Medium
Description
The discard service runs as root from the inetd server and can be used in Denial of Service attacks. The discard service is unnecessary and it increases the attack vector of the system.
STIG Date
AIX 5.3 Security Technical Implementation Guide 2012-05-25

Details

Check Text ( C-37805r1_chk )
Check the /etc/inetd.conf file for TCP and UDP discard service entries.

#grep discard /etc/inetd.conf | grep -v \#

If the discard service is active, this is a finding.
Fix Text (F-33063r1_fix)
Edit /etc/inetd.conf and comment out the discard service line for both TCP and UDP protocols.
Restart the inetd service.
#refresh -s inetd