
Inetd and xinetd must be disabled or removed if no network services utilizing them are enabled.


Overview

Finding ID: V-12005
Version: GEN003700
Rule ID: SV-35064r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Unnecessary services should be disabled to decrease the attack surface of the system.
STIG: HP-UX 11.31 Security Technical Implementation Guide
Date: 2018-09-14

Details

Check Text (C-36522r1_chk)
First determine if (x)inetd is running:
# ps -ef | grep -v "grep" | egrep -i "inetd|xinetd"

Then, determine the contents of the configuration file:
# find / -type f \( -name xinetd.conf -o -name inetd.conf \) | xargs -n1 cat | \
tr '\011' ' ' | tr -s ' ' | sed -e 's/^ *//' | grep -v "^#"

If inetd is running and no active services are found (i.e., the configuration file does not exist, is empty or is completely commented out), this is a finding.

If inetd is not running and the configuration file does not exist, is empty or is completely commented out, this is not a finding.

If inetd is running and active services are found via the ps command and are also in the inetd.conf file, this is not a finding.
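
The three outcomes above can be encoded as a small script. This is an added example, not part of the STIG text. The function names, the "not covered" result for the case the check text does not address (daemon stopped, services still configured) and the sample ps and inetd.conf lines are assumptions constructed for illustration; only inetd.conf-style files are handled.

```shell
#!/bin/sh
# Added example: the GEN003700 decision logic as functions.

# Return 0 if `ps -ef`-style text on stdin shows inetd or xinetd running.
inetd_running() {
    grep -v grep | grep -E -i 'inetd|xinetd' >/dev/null
}

# Print active entries of an inetd.conf-style file: lines that are neither
# blank nor comments. A missing or unreadable file prints nothing.
active_entries() {
    [ -r "$1" ] || return 0
    tr '\011' ' ' < "$1" | tr -s ' ' | sed -e 's/^ *//' |
        grep -v -e '^#' -e '^$' || true
}

# $1 = yes|no (daemon running), $2 = number of active entries.
verdict() {
    if [ "$2" -eq 0 ] && [ "$1" = yes ]; then
        echo "finding"              # daemon running with nothing to serve
    elif [ "$2" -eq 0 ] || [ "$1" = yes ]; then
        echo "not a finding"        # stopped and empty, or running with services
    else
        echo "not covered"          # check text does not address this case
    fi
}

# $1 = file holding `ps -ef` output, $2 = path to inetd.conf
check_inetd() {
    if inetd_running < "$1"; then running=yes; else running=no; fi
    count=$(active_entries "$2" | wc -l | tr -d ' ')
    verdict "$running" "$count"
}

# Constructed sample data (not captured from a real host).
demo() {
    d="${TMPDIR:-/tmp}/gen003700.$$"
    mkdir -m 700 "$d" || return 1
    printf 'root 612 1 0 09:01 ? 0:00 /usr/sbin/inetd\n' > "$d/ps_on"
    printf 'root 701 1 0 09:01 ? 0:00 /usr/sbin/syslogd\n' > "$d/ps_off"
    printf '# ftp stream tcp nowait root /usr/lbin/ftpd ftpd\n\n' > "$d/empty.conf"
    printf '#comment\nftp\tstream tcp nowait root /usr/lbin/ftpd ftpd\n' > "$d/ftp.conf"
    check_inetd "$d/ps_on"  "$d/empty.conf"   # finding
    check_inetd "$d/ps_on"  "$d/ftp.conf"     # not a finding
    check_inetd "$d/ps_off" "$d/missing.conf" # not a finding
    rm -rf "$d"
}
demo
```

On a live host, save the output of ps -ef to a file and pass it as the first argument, with the path to inetd.conf as the second.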
Fix Text (F-31882r1_fix)
Remove or disable the inetd startup scripts and kill the service.