AIX Security Expert /etc/inetd.conf Settings group

AIX® Security Expert comments out specific entries in /etc/inetd.conf.

The default installation of AIX enables a number of network services that can possibly compromise the security of the system. AIX Security Expert disables unnecessary and insecure services by commenting out their respective entries in the /etc/inetd.conf file. For AIX Standard Settings, these entries are uncommented. The following table lists the entries that are commented out or uncommented in /etc/inetd.conf.

Table 1. AIX Security Expert /etc/inetd.conf Settings
The High Level Security, Medium Level Security, Low Level Security and AIX Standard Settings columns give the value set by AIX Security Expert.

| Action button name | Description | High Level Security | Medium Level Security | Low Level Security | AIX Standard Settings | Undo |
|---|---|---|---|---|---|---|
| Disable sprayd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `sprayd sunrpc_udp udp wait root /usr/lib/netsvc/` | Yes | Yes | No effect | Yes | Yes |
| Disable UDP chargen service in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `chargen dgram udp wait root internal` | Yes | No effect | No effect | Yes | Yes |
| Disable telnet / Enable telnet | Comments out or uncomments the following entry from /etc/inetd.conf: `telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd` | Comment | No effect | No effect | Uncomment | Yes |
| Disable UDP Echo service in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `echo dgram udp wait root internal` | Yes | No effect | No effect | Yes | Yes |
| Disable tftp in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `tftp dgram udp6 SRC nobody /usr/sbin/tftpd tftpd -n` | Yes | Yes | No effect | Yes | Yes |
| Disable krshd daemon | Comments out the following entry from /etc/inetd.conf: `kshell stream tcp nowait root /usr/sbin/krshd krshd` | Yes | No effect | No effect | Yes | Yes |
| Disable rusersd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `rusersd sunrpc_udp udp wait root /usr/lib/netsvc/` | Yes | Yes | No effect | Yes | Yes |
| Disable rexecd in /etc/inetd.conf / Enable rexecd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `exec stream tcp6 nowait root /usr/sbin/rexecd rexecd` | Comment | Comment | No effect | Uncomment | Yes |
| Disable POP3D | Comments out the following entry from /etc/inetd.conf: `pop3 stream tcp nowait root /usr/sbin/pop3d pop3d` | Yes | No effect | No effect | Yes | Yes |
| Disable pcnfsd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `pcnfsd sunrpc_udp udp wait root /usr/sbin/rpc.pcnfsd pcnfsd` | Yes | No effect | No effect | Yes | Yes |
| Disable bootpd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `bootps dgram udp wait root /usr/sbin/bootpd` | Yes | Yes | No effect | Yes | Yes |
| Disable rwalld in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `rwalld sunrpc_udp udp wait root /usr/lib/netsvc/` | Yes | Yes | No effect | Yes | Yes |
| Disable UDP discard service in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `discard dgram udp wait root internal` | Yes | No effect | No effect | Yes | Yes |
| Disable TCP daytime service in /etc/inetd.conf / Enable TCP daytime service in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `daytime stream tcp nowait root internal` | Comment | No effect | No effect | Uncomment | Yes |
| Disable netstat in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `netstat stream tcp nowait nobody /usr/bin/netstat` | Yes | Yes | No effect | Yes | Yes |
| Disable rshd daemon / Enable rshd daemon | Comments out or uncomments the following entry from /etc/inetd.conf: `shell stream tcp6 nowait root /usr/sbin/rshd rshd rshd` | Comment | Comment | Comment | Uncomment | Yes |
| Disable cmsd service in /etc/inetd.conf / Enable cmsd service in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `cmsd sunrpc_udp udp wait root /usr/dt/bin/rpc.cms cmsd` | Comment | No effect | No effect | Uncomment | Yes |
| Disable ttdbserver service in /etc/inetd.conf / Enable ttdbserver service in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `ttdbserver sunrpc_tcp tcp wait root /usr/dt/bin/` | Comment | No effect | No effect | Uncomment | Yes |
| Disable uucpd in /etc/inetd.conf / Enable uucpd in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `uucp stream tcp nowait root /usr/sbin/uucpd uucpd` | Comment | No effect | No effect | Uncomment | Yes |
| Disable UDP time service in /etc/inetd.conf / Enable UDP time service in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `time dgram udp wait root internal` | Comment | No effect | No effect | Uncomment | Yes |
| Disable TCP time service in /etc/inetd.conf / Enable TCP time service in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `time stream tcp nowait root internal` | Comment | No effect | No effect | Uncomment | Yes |
| Disable rexd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `rexd sunrpc_tcp tcp wait root /usr/sbin/tpc.rexd.rexd rexd` | Yes | Yes | Yes | Yes | Yes |
| Disable TCP chargen service in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `chargen stream tcp nowait root internal` | Yes | No effect | No effect | Yes | Yes |
| Disable rlogin in /etc/inetd.conf / Enable rlogin in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `login stream tcp6 nowait root /usr/sbin/rlogind rlogind` | Comment | Comment | No effect | Uncomment | Yes |
| Disable talk in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `talk dgram udp wait root /usr/sbin/talkd talkd` | Comment | Comment | Comment | Uncomment | Yes |
| Disable fingerd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `finger stream tcp nowait nobody /usr/sbin/fingerd fingerd` | Yes | Yes | No effect | Yes | Yes |
| Disable FTP / Enable FTP | Comments out or uncomments the following entry from /etc/inetd.conf: `ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd` | Comment | No effect | No effect | Uncomment | Yes |
| Disable IMAPD | Comments out the following entry from /etc/inetd.conf: `imap2 stream tcp nowait root /usr/sbin/imapd imapd` | Yes | No effect | No effect | Yes | Yes |
| Disable comsat in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `comsat dgram udp wait root /usr/sbin/comsat comsat` | Yes | No effect | No effect | Yes | Yes |
| Disable rquotad in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `rquotad sunrpc_udp udp wait root /usr/sbin/rpc.rquotad` | Yes | Yes | Yes | Yes | Yes |
| Disable UDP daytime service in /etc/inetd.conf / Enable UDP daytime service in /etc/inetd.conf | Comments out or uncomments the following entry from /etc/inetd.conf: `daytime dgram udp wait root internal` | Comment | No effect | No effect | Uncomment | Yes |
| Disable krlogind in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `klogin stream tcp nowait root /usr/sbin/krlogind krlogind` | Yes | No effect | No effect | Yes | Yes |
| Disable TCP Discard service in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `discard stream tcp nowait root internal` | Yes | No effect | No effect | Yes | Yes |
| Disable TCP echo service in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `echo stream tcp nowait root internal` | Yes | No effect | No effect | Yes | Yes |
| Disable sysstat in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `systat stream tcp nowait nobody /usr/bin/ps ps -ef` | Yes | Yes | No effect | Yes | Yes |
| Disable rstatd in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `rstatd sunrpc_udp udp wait root /usr/sbin/rpc.rstatd rstatd` | Yes | Yes | No effect | Yes | Yes |
| Disable dtspc in /etc/inetd.conf | Comments out the following entry from /etc/inetd.conf: `dtspc stream tcp nowait root /usr/dt/bin/dtspcd` | Yes | No effect | No effect | Yes | Yes |
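
A drift check for the settings in Table 1, as an added example (not IBM's code and not part of AIX Security Expert): it reports entries that are still active in an inetd.conf file although the chosen security level comments them out. The function name `audit_inetd`, the `service/socket-type` key format and the sample file are assumptions made for this example; the per-level service lists are transcribed from the table.

```shell
#!/bin/sh
# Keys are "<service>/<socket type>": fields 1 and 2 of each entry in Table 1.
# Each level also comments out everything the lower levels comment out.
LOW="shell/stream rexd/sunrpc_tcp talk/dgram rquotad/sunrpc_udp"
MEDIUM="$LOW sprayd/sunrpc_udp tftp/dgram rusersd/sunrpc_udp exec/stream \
  bootps/dgram rwalld/sunrpc_udp netstat/stream login/stream finger/stream \
  systat/stream rstatd/sunrpc_udp"
HIGH="$MEDIUM chargen/dgram chargen/stream telnet/stream echo/dgram echo/stream \
  kshell/stream pop3/stream pcnfsd/sunrpc_udp discard/dgram discard/stream \
  daytime/dgram daytime/stream cmsd/sunrpc_udp ttdbserver/sunrpc_tcp uucp/stream \
  time/dgram time/stream ftp/stream imap2/stream comsat/dgram klogin/stream \
  dtspc/stream"

# audit_inetd <low|medium|high> <file>: print each entry that is still active
# although the given level comments it out; return 1 if any were found.
audit_inetd() {
    case "$1" in
        low) policy=$LOW ;; medium) policy=$MEDIUM ;; high) policy=$HIGH ;;
        *) echo "unknown level: $1" >&2; return 2 ;;
    esac
    awk -v policy="$policy" '
        BEGIN { n = split(policy, p, " "); for (i = 1; i <= n; i++) off[p[i]] = 1 }
        /^[ \t]*#/ || NF < 2 { next }      # commented out or blank: not served
        ($1 "/" $2) in off { print $1 "/" $2; found = 1 }
        END { exit found + 0 }
    ' "$2"
}

# Constructed sample file (not taken from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed /etc/inetd.conf excerpt
ftp     stream     tcp6 nowait root /usr/sbin/ftpd       ftpd
#telnet stream     tcp6 nowait root /usr/sbin/telnetd    telnetd
shell   stream     tcp6 nowait root /usr/sbin/rshd       rshd
#exec   stream     tcp6 nowait root /usr/sbin/rexecd     rexecd
rstatd  sunrpc_udp udp  wait   root /usr/sbin/rpc.rstatd rstatd
time    dgram      udp  wait   root internal
EOF

for level in low medium high; do
    echo "== active entries that $level level disables =="
    audit_inetd "$level" "$sample" || true
done
```

The check reads the file only; inetd keeps serving an entry until it rereads its configuration (on AIX, `refresh -s inetd`).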