III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If sendmail is not required on AIX, the sendmail service must be disabled.
<VulnDiscussion>The sendmail service has many historical vulnerabilities and, where possible, should be disabled. If the system is not requir...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If SNMP is not required on AIX, the snmpd service must be disabled.
<VulnDiscussion>The snmpd daemon is used by many 3rd party applications to monitor the health of the system. This allows remote monitoring of...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The AIX DHCP client must be disabled.
<VulnDiscussion>The dhcpcd daemon receives address and configuration information from the DHCP server. DHCP relies on trusting the local netw...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If DHCP is not enabled in the network on AIX, the dhcprd daemon must be disabled.
<VulnDiscussion>The dhcprd daemon listens for broadcast packets, receives them, and forwards them to the appropriate server. To prevent remo...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If IPv6 is not utilized on AIX server, the autoconf6 daemon must be disabled.
<VulnDiscussion>"autoconf6" is used to automatically configure IPv6 interfaces at boot time. Running this service may allow other hosts on th...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If AIX server is not functioning as a network router, the gated daemon must be disabled.
<VulnDiscussion>This daemon provides gateway routing functions for protocols such as RIP and SNMP. To prevent remote attacks this daemon sho...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If AIX server is not functioning as a multicast router, the mrouted daemon must be disabled.
<VulnDiscussion>This daemon is an implementation of the multicast routing protocol. To prevent remote attacks this daemon should not be enab...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If AIX server is not functioning as a DNS server, the named daemon must be disabled.
<VulnDiscussion>This is the server for the DNS protocol and controls domain name resolution for its clients. To prevent attacks this daemon ...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If AIX server is not functioning as a network router, the routed daemon must be disabled.
<VulnDiscussion>The routed daemon manages the network routing tables in the kernel. To prevent attacks this daemon should not be enabled unl...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
If rwhod is not required on AIX, the rwhod daemon must be disabled.
<VulnDiscussion>This is the remote WHO service. To prevent remote attacks this daemon should not be enabled unless there is no alternative.&...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.