STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX DHCP client must be disabled.

DISA Rule

SV-215355r508663_rule

Vulnerability Number

V-215355

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

AIX7-00-003049

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Disable the system's DHCP client.

In "/etc/rc.tcpip", comment out the "dhcpcd" entry by running command:

# chrctcp -d dhcpcd

Reboot the system to ensure the DHCP client has been disabled fully.

Configure a static IP for the system, if network connectivity is required.

Check Contents

If the DHCP client is needed by the system and is documented, this is Not Applicable.

Determine if the DHCP client is running:

# ps -ef |grep dhcpcd

If "dhcpcd" is running, this is a finding.

Verify that DHCP is disabled on startup:

# grep "^start[[:blank:]]/usr/sbin/dhcpcd" /etc/rc.tcpip

If there is any output from the command, this is a finding.

Vulnerability Number

V-215355

Documentable

False

Rule Version

AIX7-00-003049

Severity Override Guidance

If the DHCP client is needed by the system and is documented, this is Not Applicable.

Determine if the DHCP client is running:

# ps -ef |grep dhcpcd

If "dhcpcd" is running, this is a finding.

Verify that DHCP is disabled on startup:

# grep "^start[[:blank:]]/usr/sbin/dhcpcd" /etc/rc.tcpip

If there is any output from the command, this is a finding.

Check Content Reference

M

Target Key

4012

Comments