UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The securetcpip command must be used.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4284 GEN000000-AIX00040 SV-4284r2_rule ECSC-1 Medium
Description
The AIX securetcpip command disables insecure network utilities, such as rcp, rlogin, rlogind, rsh, rshd, tftp, tftpd, and trpt/d. These services increase the attack surface of the system.
STIG Date
AIX 5.3 Security Technical Implementation Guide 2013-03-26

Details

Check Text ( C-2446r2_chk )
The securetcpip command is in /etc. If it is not there, this is a finding.
Perform:

more /etc/security/config

If the stanza below is not there, this is a finding.

tcpip:
netrc = ftp, rexec

The stanza indicates the securetcpip command, which disables all the unsafe tcpip commands, (e.g., rsh, rlogin, tftp) has been executed.
Fix Text (F-33317r1_fix)
Ensure secure tcp/ip has been invoked before allowing operations on the system.