The rusersd daemon must be disabled on AIX.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215381 | SRG-OS-000095-GPOS-00049 | AIX7-00-003076 | SV-215381r958478_rule | 2026-02-06 | 3 |
Description
The rusersd service runs as root and provides a list of current users active on a system. An attacker may use this service to learn valid account names on the system. This is not an essential service and should be disabled.
ℹ️ Check
From the command prompt, execute the following command:
# grep "^rusersd[[:blank:]]" /etc/inetd.conf
If there is any output from the command, this is a finding.
✔️ Fix
In "/etc/inetd.conf", comment out the "rusersd" entry by running command:
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'rusersd' -p 'udp'
Restart inetd:
# refresh -s inetd