Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3618 | DNS4450 | SV-3618r1_rule | ECSC-1 | Medium |
Description |
---|
Unnecessary software running on a name server could introduce security vulnerabilities that would be avoided if it were not present. |
STIG | Date |
---|---|
BIND DNS | 2013-04-12 |
Check Text ( C-3455r1_chk ) |
---|
The reviewer should examine the start-up files to determine whether they launch unnecessary programs. The file /etc/inetd.conf is common to UNIX implementations. The reviewer may use the cat command to view this file. If the file contains any of the daemons listed below, this is a finding. Below is a list of prohibited services. If any of these processes are running (the reviewer may use ps -ef | grep service name to verify whether the process is running), or are configured to be started upon boot-up (the reviewer may use the ls command in the /etc/rc2.d or /etc/rc3.d directory), then this is a finding (although inherently dangerous, if SNMP is used for network management purposes, it must be documented and configured in accordance with the UNIX STIG): - NFS client (s73nfs.client in rc2.d) - automounter (s74autofs in rc2.d) - printer queue daemon (s80lp in rc2.d) - RPC portmapper (s71rpc in rc2.d) - CDE login (s99dtlogin in rc2.d) - NFS server process (s15nfs.server in rc3.d) - SNMP daemon (s76snmpdx in rc3.d) |
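
The rc-directory and inetd.conf parts of the check above can be scripted. The following is an added example, not part of the STIG: the function names, the optional root-prefix argument, and the case-insensitive match on script names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit helper for the DNS4450 check (not part of the STIG).
# Script names are taken from the check text. Matching ignores case because
# stock start scripts are often named with an uppercase "S" (assumption).
PROHIBITED_RC2="s73nfs.client s74autofs s80lp s71rpc s99dtlogin"
PROHIBITED_RC3="s15nfs.server s76snmpdx"

# check_rc_dir DIR "name1 name2 ..."
# Prints "FINDING: <path>" for each prohibited start script present in DIR.
# Returns 1 if any were found, 0 otherwise (a missing DIR is not a finding).
check_rc_dir() {
    dir=$1; names=$2; found=0
    [ -d "$dir" ] || return 0
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue          # empty directory: glob stays literal
        base=$(basename "$entry" | tr 'A-Z' 'a-z')
        for name in $names; do
            if [ "$base" = "$name" ]; then
                echo "FINDING: $entry"
                found=1
            fi
        done
    done
    return $found
}

# active_inetd_services FILE
# Prints the service name (first field) of every non-comment, non-blank line,
# i.e. every entry inetd would actually launch.
active_inetd_services() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*#/ && NF { print $1 }' "$1"
}

# audit ROOT: run both checks under ROOT ("" means the live system).
# Returns non-zero if any prohibited start script exists.
audit() {
    root=$1; status=0
    check_rc_dir "$root/etc/rc2.d" "$PROHIBITED_RC2" || status=1
    check_rc_dir "$root/etc/rc3.d" "$PROHIBITED_RC3" || status=1
    echo "Active inetd.conf entries (compare against documented need):"
    active_inetd_services "$root/etc/inetd.conf" | sed 's/^/  /'
    return $status
}

# Run only when a root is given, e.g.: sh audit.sh /   or   sh audit.sh /mnt/image
if [ "$#" -gt 0 ]; then audit "${1%/}"; fi
```

The script does not cover the running-process part of the check; that still requires ps -ef on the live host.
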
Fix Text (F-3549r1_fix) |
---|
The SA should edit startup files (e.g., inetd.conf) so that the unnecessary programs do not launch on boot-up. |