Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-926 | GEN006460 | SV-926r2_rule | ECSC-1 | Medium |
Description |
---|
If the NIS+ server is not operating in, at least, security level 2, there is no encryption and the system could be penetrated by intruders and/or malicious users. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-852r2_chk ) |
---|
If the system is not using NIS+, this is not applicable. Check the system to determine if NIS+ security level 2 is implemented. Procedure: # niscat cred.org_dir If the second column does not contain DES, the system is not using NIS+ security level 2, and this is a finding. |
Fix Text (F-25778r1_fix) |
---|
Configure the NIS+ server to use security level 2. |