UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Network Information System (NIS) protocol must not be used.


Overview

Finding ID Version Rule ID IA Controls Severity
V-867 GEN006400 SV-37742r1_rule ECSC-1 Medium
Description
Due to numerous security vulnerabilities existing within NIS, it must not be used. Possible alternative directory services are NIS+ and LDAP.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2014-01-09

Details

Check Text ( C-36937r2_chk )
Perform the following to determine if NIS is active on the system:

# ps -ef | grep ypbind

If NIS is found active on the system, this is a finding.
Fix Text (F-32202r1_fix)
Disable the use of NIS/NIS+. Use as a replacement Kerberos or LDAP.