If IPv6 is not utilized on AIX server, the autoconf6 daemon must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215357 | AIX7-00-003051 | SV-215357r958478_rule | CCI-000381 | medium |
| Description | ||||
| "autoconf6" is used to automatically configure IPv6 interfaces at boot time. Running this service may allow other hosts on the same physical subnet to connect via IPv6, even when the network does not support it. Disable this unless you use IPv6 on the server. | ||||
| STIG | Date | |||
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 | |||
Details
Check Text (C-215357r958478_chk)
From the command prompt, execute the following command:
# grep "^start[[:blank:]]/usr/sbin/autoconf6" /etc/rc.tcpip
If there is any output from the command, this is a finding.
Fix Text (F-16553r569498_fix)
In "/etc/rc.tcpip", comment out the "autoconf6" entry by running command:
# chrctcp -d autoconf6