UCF STIG Viewer Logo

The rusersd daemon must be disabled on AIX.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215381 AIX7-00-003076 SV-215381r508663_rule Medium
Description
The rusersd service runs as root and provides a list of current users active on a system. An attacker may use this service to learn valid account names on the system. This is not an essential service and should be disabled.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2022-06-06

Details

Check Text ( C-16579r294594_chk )
From the command prompt, execute the following command:
# grep "^rusersd[[:blank:]]" /etc/inetd.conf

If there is any output from the command, this is a finding.
Fix Text (F-16577r294595_fix)
In "/etc/inetd.conf", comment out the "rusersd" entry by running command:
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'rusersd' -p 'udp'

Restart inetd:
# refresh -s inetd