I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000095-GPOS-00049
Group -
The ntalk daemon must be disabled on AIX.
This service establishes a two-way communication link between two users, either locally or remotely. Unless required the ntalk service will be disabled to prevent attacks.Rule High Severity -
SRG-OS-000095-GPOS-00049
Group -
The chargen daemon must be disabled on AIX.
This service is used to test the integrity of TCP/IP packets arriving at the destination. This chargen service is a character generator service and is used for testing the integrity of TCP/IP pack...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The discard daemon must be disabled on AIX.
The discard service is used as a debugging and measurement tool. It sets up a listening socket and ignores data that it receives. This is a /dev/null service and is obsolete. This can be used in Do...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The dtspc daemon must be disabled on AIX.
The dtspc service deals with the CDE interface of the X11 daemon. It is started automatically by the inetd daemon in response to a CDE client requesting a process to be started on the daemon's host...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The pcnfsd daemon must be disabled on AIX.
The pcnfsd service is an authentication and printing program, which uses NFS to provide file transfer services. This service is vulnerable and exploitable and permits the machine to be compromised ...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The rstatd daemon must be disabled on AIX.
The rstatd service is used to provide kernel statistics and other monitorable parameters pertinent to the system such as: CPU usage, system uptime, network usage etc. An attacker may use this infor...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The rusersd daemon must be disabled on AIX.
The rusersd service runs as root and provides a list of current users active on a system. An attacker may use this service to learn valid account names on the system. This is not an essential servi...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The sprayd daemon must be disabled on AIX.
The sprayd service is used as a tool to generate UDP packets for testing and diagnosing network problems. The service must be disabled if NFS is not in use, as it can be used by attackers in a Dist...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The klogin daemon must be disabled on AIX.
The klogin service offers a higher degree of security than traditional rlogin or telnet by eliminating most clear-text password exchanges on the network. However, it is still not as secure as SSH, ...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The kshell daemon must be disabled on AIX.
The kshell service offers a higher degree of security than traditional rsh services. However, it still does not use encrypted communications. The recommendation is to use SSH wherever possible inst...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.