The AIX DHCP client must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215355 | AIX7-00-003049 | SV-215355r508663_rule | Medium |
| Description |
|---|
| The dhcpcd daemon receives address and configuration information from the DHCP server. DHCP relies on trusting the local network. If the local network is not trusted, then it should not be used. To prevent remote attacks this daemon should not be enabled unless there is no alternative. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227 |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2022-06-06 |
Details
| Check Text ( C-16553r294516_chk ) |
|---|
| If the DHCP client is needed by the system and is documented, this is Not Applicable. Determine if the DHCP client is running: # ps -ef |grep dhcpcd If "dhcpcd" is running, this is a finding. Verify that DHCP is disabled on startup: # grep "^start[[:blank:]]/usr/sbin/dhcpcd" /etc/rc.tcpip If there is any output from the command, this is a finding. |
| Fix Text (F-16551r294517_fix) |
|---|
| Disable the system's DHCP client. In "/etc/rc.tcpip", comment out the "dhcpcd" entry by running command: # chrctcp -d dhcpcd Reboot the system to ensure the DHCP client has been disabled fully. Configure a static IP for the system, if network connectivity is required. |