Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-867 | GEN006400 | SV-63803r1_rule | ECSC-1 | Medium |
Description |
---|
Due to numerous security vulnerabilities existing within NIS, it must not be used. Possible alternative directory services are NIS+ and LDAP. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-06-05 |
Check Text ( C-52353r1_chk ) |
---|
Perform the following to determine if NIS is active on the system: # ps -ef | grep ypbind If NIS is found active on the system, this is a finding. |
Fix Text (F-54385r1_fix) |
---|
Disable the use of NIS/NIS+. Use as a replacement Kerberos or LDAP. |