
A UNIX or UNIX-based name server is running unnecessary daemon/services and/or is configured to start an unnecessary daemon, service, or program upon boot up.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3618 | DNS4450 | SV-3618r1_rule | ECSC-1 | Medium |
Description
Unnecessary software running on a name server could introduce security vulnerabilities that would be avoided if it were not present.
| STIG | Date |
|---|---|
| BIND DNS STIG | 2015-10-01 |

Details

Check Text ( C-3455r1_chk )
The reviewer should examine the start-up files to determine whether they launch unnecessary programs. The file /etc/inetd.conf is common to UNIX implementations. The reviewer may use the cat command to view this file. If the file contains any of the daemons listed, this is a finding:

If SNMP is used for network management it must be documented and configured in accordance with the UNIX STIG.

Below is a list of prohibited services. If any of these processes are running (the reviewer may use ps -ef | grep <service name> to verify whether the process is running), or are configured to be started at boot-up (the reviewer may use the ls command in the /etc/rc2.d or /etc/rc3.d directory), then this is a finding. Although inherently dangerous, if SNMP is used for network management purposes it must be documented and configured in accordance with the UNIX STIG:

- NFS client (s73nfs.client in rc2.d)
- automounter (s74autofs in rc2.d)
- printer queue daemon (s80lp in rc2.d)
- RPC portmapper (s71rpc in rc2.d)
- CDE login (s99dtlogin in rc2.d)
- NFS server process (s15nfs.server in rc3.d)
- SNMP daemon (s76snmpdx in rc3.d)
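The check above can be scripted for a reviewer. The following POSIX sh helper is an added example, not part of the STIG; it walks ROOT/etc/rc2.d, ROOT/etc/rc3.d and ROOT/etc/inetd.conf for the start-up scripts listed in the check text. The inetd keyword list is an assumption derived from those daemons, since the STIG gives no inetd-specific list, and the script names are matched case-insensitively because SysV start scripts are normally capitalised (S73nfs.client) while the STIG lists them in lower case.

```shell
#!/bin/sh
# Added audit helper for V-3618 (not part of the STIG text). Prints one line
# per prohibited start-up entry under ROOT and returns the number of findings.
# ROOT defaults to "" (the live system); pass a constructed tree to test offline.

# Start-up scripts named in the check text, keyed by the directory the STIG gives.
PROHIBITED="rc2.d/s73nfs.client rc2.d/s74autofs rc2.d/s80lp rc2.d/s71rpc rc2.d/s99dtlogin"
PROHIBITED="$PROHIBITED rc3.d/s15nfs.server rc3.d/s76snmpdx"

# Keywords looked for on uncommented inetd.conf lines. Assumption: derived from
# the daemons above, because the STIG does not give an inetd-specific list.
INETD_KEYWORDS="nfs autofs lp rpc dtlogin snmp"

# audit_startup [ROOT]: prints findings, returns their count (0 = no finding).
audit_startup() {
    root=${1:-}
    findings=0
    for f in "$root"/etc/rc2.d/* "$root"/etc/rc3.d/*; do
        [ -e "$f" ] || continue
        # Build "rcN.d/lowercased-script-name" and compare against the list.
        key="$(basename "$(dirname "$f")")/$(basename "$f" | tr 'A-Z' 'a-z')"
        case " $PROHIBITED " in
            *" $key "*)
                echo "FINDING: $f starts a prohibited service at boot"
                findings=$((findings + 1)) ;;
        esac
    done
    conf="$root/etc/inetd.conf"
    if [ -r "$conf" ]; then
        for kw in $INETD_KEYWORDS; do
            # Count active (uncommented) inetd lines that mention the keyword.
            n=$(grep -v '^[[:space:]]*#' "$conf" | grep -ci "$kw" || true)
            if [ "$n" -gt 0 ]; then
                echo "FINDING: $conf has $n active line(s) matching '$kw'"
                findings=$((findings + n))
            fi
        done
    fi
    return "$findings"
}

# Usage on a live host: audit_startup; echo "findings: $?"
```

The process check (ps -ef) is deliberately left to the reviewer, since it depends on the running host rather than on files that can be inspected offline.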
Fix Text (F-3549r1_fix)
The SA should edit the startup files (e.g., inetd.conf) so that the unnecessary programs do not launch on boot-up.