The AIX DHCP client must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>The dhcpcd daemon receives address and configuration information from the DHCP server. DHCP relies on trusting the local network. If the local network is not trusted, then it should not be used. To prevent remote attacks this daemon should not be enabled unless there is no alternative. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-215355r508663_rule
Severity: Medium
References: CCI-000366 CCI-000381
Updated: 8 months ago

Disable the system's DHCP client. 

In "/etc/rc.tcpip", comment out the "dhcpcd" entry by running command:

# chrctcp -d dhcpcd
Reboot the system to ensure the DHCP client has been disabled fully. 

Configure a static IP for the system, if network connectivity is required.

The AIX DHCP client must be disabled.

Description

Remediation - Manual Procedure