The system must not have the netstat service active on the inetd process.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-29511 | GEN009270 | SV-38715r1_rule | ECSC-1 | Medium |
| Description |
|---|
| The netstat service can potentially give out network information on active connections if it is running. The information given out can aid in an attack and weaken the systems defensive posture. |
| STIG | Date |
|---|---|
| AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2018-09-18 |
Details
| Check Text ( C-37811r1_chk ) |
|---|
| Check the /etc/inetd.conf for active netstat service. grep netstat /etc/inetd.conf | grep -v \# If the netstat service is active, this is a finding. |
| Fix Text (F-33069r1_fix) |
|---|
| Edit /etc/inetd.conf and comment out the netstat service line. Restart the inetd service. # refresh -s inetd |