If DHCP is not enabled in the network on AIX, the dhcprd daemon must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215356 | AIX7-00-003050 | SV-215356r958478_rule | CCI-000381 | medium |
| Description | ||||
| The dhcprd daemon listens for broadcast packets, receives them, and forwards them to the appropriate server. To prevent remote attacks this daemon should not be enabled unless there is no alternative. | ||||
| STIG | Date | |||
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-215356r958478_chk)
From the command prompt, execute the following command:
# grep "^start[[:blank:]]/usr/sbin/dhcprd" /etc/rc.tcpip
If there is any output from the command, this is a finding.
Fix Text (F-16552r294520_fix)
In "/etc/rc.tcpip", comment out the "dhcprd" entry by running command:
# chrctcp -d dhcprd