UCF STIG Viewer Logo

Any Network Information System (NIS+) server must be operating at security level 2.


Overview

Finding ID Version Rule ID IA Controls Severity
V-926 GEN006460 SV-38537r1_rule ECSC-1 Medium
Description
If the NIS+ server is not operating in, at least, security level 2, there is no encryption and the system could be penetrated by intruders and/or malicious users.
STIG Date
HP-UX 11.23 Security Technical Implementation Guide 2015-12-02

Details

Check Text ( C-36723r1_chk )
If the system is not using NIS+, this is not applicable.

Check the system to determine if NIS+ security level two is implemented. Execute this command:
# niscat cred.org_dir

If the second column does not contain DES, the system is not using NIS+ security level two, and this is a finding.
Fix Text (F-32104r1_fix)
Configure the NIS+ server to use security level 2.