UCF STIG Viewer Logo

The system must not have the discard service active.


Overview

Finding ID Version Rule ID IA Controls Severity
V-29505 GEN009210 SV-38709r1_rule ECSC-1 Medium
Description
The discard service runs as root from the inetd server and can be used in Denial of Service attacks. The discard service is unnecessary and it increases the attack vector of the system.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-37805r1_chk )
Check the /etc/inetd.conf file for TCP and UDP discard service entries.

#grep discard /etc/inetd.conf | grep -v \#

If the discard service is active, this is a finding.
Fix Text (F-33063r1_fix)
Edit /etc/inetd.conf and comment out the discard service line for both TCP and UDP protocols.
Restart the inetd service.
#refresh -s inetd