STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215352

CAT II (Medium)

If NFS is not required on AIX, the NFS daemon must be disabled.

Rule ID

SV-215352r958478_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000381

Discussion

The rcnfs entry starts the NFS daemons during system boot. NFS is a service with numerous historical vulnerabilities and should not be enabled unless there is no alternative. If NFS serving is required, then read-only exports are recommended and no filesystem or directory should be exported with root access. Unless otherwise required the NFS daemons (rcnfs) will be disabled.

Check Content

From the command prompt, execute the following command:
# lsitab rcnfs

If the command yields any output, this is a finding.

Fix Text

In "/etc/inittab", remove the "rcnfs" entry by running the following command:
# rmitab rcnfs

To request the init command to re-examine the "/etc/inittab" file, enter: 
# telinit q