Detections
Analytics
AIX7-00-003078 - The klogin daemon must be disabled on AIX.
Information
The klogin service offers a higher degree of security than traditional rlogin or telnet by eliminating most clear-text password exchanges on the network. However, it is still not as secure as SSH, which encrypts all traffic. If using klogin to log in to a system, the password is not sent in clear text; however, if using 'su' to another user, that password exchange is open to detection from network-sniffing programs. The recommendation is to use SSH wherever possible instead of klogin.If the klogin service is used, use the latest Kerberos version available and make sure that all the latest patches are installed.
Solution
In '/etc/inetd.conf', comment out the 'klogin' entry by running command:# chsubserver -r inetd -C /etc/inetd.conf -d -v 'klogin' -p 'tcp'
Restart inetd:
# refresh -s inetd
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V3R1_STIG.zip
Item Details
Audit Name: DISA STIG AIX 7.x v3r1
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-215383r958478_rule, STIG-ID|AIX7-00-003078, STIG-Legacy|SV-101495, STIG-Legacy|V-91397, Vuln-ID|V-215383
Plugin: Unix
Control ID: 9fbf42f8fc2978fb490f47e7b60f5b5dd5230fb32be2425c7db6e3c6d41280ba