4.3.2.1 Ensure inetd daemon is disabled when no additional services are required

Information

When none of the services run and managed by inetd are required, disable the inetd daemon itself.

This is the preferred state.

When no inetd-managed services are required, there is no need to start the daemon at boot time.

An administrator can manually start the inetd service post-IPL, should any of the inetd-supported services be or become required.

Solution

Review any active inetd services:

refresh -s inetd
lssrc -ls inetd

NOTE: If there are active services and the services are required, do not disable inetd. Skip to the next section and consider the implementation of TCP Wrappers to secure access to these active services. If the active services are not required, disable them via the chsubserver command.

Disable inetd if there are no active services:

chrctcp -d inetd
stopsrc -s inetd
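
The review step above can be scripted. The following is an added example, not part of the benchmark: it parses `lssrc -ls inetd` output and reports whether any inetd-managed service is still active, ignoring the "active" status of the inetd subsystem row itself. The sample output is constructed, its column layout is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Reads `lssrc -ls inetd` output on stdin; runs nothing on the host.

# Print each subserver whose row in the Service table ends in "active".
# Rows outside that table (the inetd subsystem row, "Debug Not active") are ignored.
active_inetd_services() {
    awk '
        $1 == "Service" && $NF == "Status" { in_table = 1; next }  # table header
        in_table && NF == 0               { in_table = 0 }         # blank line ends it
        in_table && $NF == "active"       { print $1 }
    '
}

# Print "disable" when no subserver is active, otherwise "keep".
inetd_decision() {
    if [ -z "$(active_inetd_services)" ]; then echo disable; else echo keep; fi
}

# Constructed sample (assumed layout), not captured from a real host.
sample_with_services() {
    cat <<'EOF'
Subsystem         Group            PID          Status
 inetd            tcpip            4718726      active

Debug         Not active

Signal        Purpose
 SIGHUP       Rereads the configuration database and reconfigures services.

Service       Command                  Description              Status
 ftp          /usr/sbin/ftpd           ftpd                     active
 telnet       /usr/sbin/telnetd        telnetd -a               active
 time         internal                                          active
EOF
}

# Constructed sample: the same host after every subserver has been turned off.
sample_without_services() {
    cat <<'EOF'
Subsystem         Group            PID          Status
 inetd            tcpip            4718726      active

Debug         Not active

Service       Command                  Description              Status
EOF
}

for s in sample_with_services sample_without_services; do
    printf '%s: %s\n' "$s" "$($s | inetd_decision)"
done
```

On an AIX host, feed it live data with `lssrc -ls inetd | inetd_decision`, and run the chrctcp and stopsrc commands above only when it prints `disable`.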

Impact:

When an inetd service is required, this service is permitted. Be sure to review section 4.1.5 Inetd (aka Super Daemon) Services later in the document.

See Also

https://workbench.cisecurity.org/benchmarks/10385

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 684b4562bcae5fc5d3b0ecbaf659c362b53dbe89855494a63a32970b35d8f263