
III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000095-GPOS-00049

    Group
  • The AIX DHCP client must be disabled.

    The dhcpcd daemon receives address and configuration information from the DHCP server. DHCP relies on trusting the local network. If the local network is not trusted, then it should not be used. T...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If DHCP is not enabled in the network on AIX, the dhcprd daemon must be disabled.

    The dhcprd daemon listens for broadcast packets, receives them, and forwards them to the appropriate server. To prevent remote attacks this daemon should not be enabled unless there is no alternat...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If IPv6 is not utilized on AIX server, the autoconf6 daemon must be disabled.

    "autoconf6" is used to automatically configure IPv6 interfaces at boot time. Running this service may allow other hosts on the same physical subnet to connect via IPv6, even when the network does n...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If AIX server is not functioning as a network router, the gated daemon must be disabled.

    This daemon provides gateway routing functions for protocols such as RIP and SNMP. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If AIX server is not functioning as a multicast router, the mrouted daemon must be disabled.

    This daemon is an implementation of the multicast routing protocol. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If AIX server is not functioning as a DNS server, the named daemon must be disabled.

    This is the server for the DNS protocol and controls domain name resolution for its clients. To prevent attacks this daemon should not be enabled unless there is no alternative.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If AIX server is not functioning as a network router, the routed daemon must be disabled.

    The routed daemon manages the network routing tables in the kernel. To prevent attacks this daemon should not be enabled unless there is no alternative.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If rwhod is not required on AIX, the rwhod daemon must be disabled.

    This is the remote WHO service. To prevent remote attacks this daemon should not be enabled unless there is no alternative.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • The timed daemon must be disabled on AIX.

    The timed daemon is the old UNIX time service. Disable this service and use xntp if time synchronization is required in the environment.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • If AIX server does not host an SNMP agent, the dpid2 daemon must be disabled.

    The dpid2 daemon acts as a protocol converter, which enables DPI (SNMP v2) sub-agents, such as hostmibd, to talk to a SNMP v1 agent that follows SNMP MUX protocol. To prevent attacks this daemon s...
    Rule Medium Severity
