II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000095-GPOS-00049
Group -
If AIX server is not functioning as a DNS server, the named daemon must be disabled.
This is the server for the DNS protocol and controls domain name resolution for its clients. To prevent attacks this daemon should not be enabled unless there is no alternative.Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
If AIX server is not functioning as a network router, the routed daemon must be disabled.
The routed daemon manages the network routing tables in the kernel. To prevent attacks this daemon should not be enabled unless there is no alternative.Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
If rwhod is not required on AIX, the rwhod daemon must be disabled.
This is the remote WHO service. To prevent remote attacks this daemon should not be enabled unless there is no alternative.Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
The timed daemon must be disabled on AIX.
This is the old UNIX time service. The timed daemon is the old UNIX time service. Disable this service and use xntp, if time synchronization is required in the environment.Rule Medium Severity -
SRG-OS-000095-GPOS-00049
Group -
If AIX server does not host an SNMP agent, the dpid2 daemon must be disabled.
The dpid2 daemon acts as a protocol converter, which enables DPI (SNMP v2) sub-agents, such as hostmibd, to talk to a SNMP v1 agent that follows SNMP MUX protocol. To prevent attacks this daemon s...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.