UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The echo daemon must be disabled on AIX.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215391 AIX7-00-003086 SV-215391r508663_rule Medium
Description
The echo service can be used in Denial of Service or SMURF attacks. It can also be used by someone else to get through a firewall or start a data storm. The echo service is unnecessary and it increases the attack vector of the system.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2021-03-10

Details

Check Text ( C-16589r294624_chk )
Check the /etc/inetd.conf for TCP and UDP echo service entries using command:
# grep echo /etc/inetd.conf | grep -v \#

If there is any output from the command, this is a finding.
Fix Text (F-16587r294625_fix)
In "/etc/inetd.conf", comment out the "echo" entries by running commands:
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p 'tcp'
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'echo' -p 'udp'

Restart inetd:
# refresh -s inetd