Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not have the discard service active.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-29505 | GEN009210 | SV-38709r1_rule | ECSC-1 | Medium |
| Description |
|---|
| The discard service runs as root from the inetd server and can be used in Denial of Service attacks. The discard service is unnecessary and it increases the attack vector of the system. |
| STIG | Date |
|---|---|
| AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2017-12-08 |
Details
| Check Text ( C-37805r1_chk ) |
|---|
| Check the /etc/inetd.conf file for TCP and UDP discard service entries. #grep discard /etc/inetd.conf | grep -v \# If the discard service is active, this is a finding. |
| Fix Text (F-33063r1_fix) |
|---|
| Edit /etc/inetd.conf and comment out the discard service line for both TCP and UDP protocols. Restart the inetd service. #refresh -s inetd |